Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Valid

Reported on

Oct 16th 2021


Description

The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw. It occurs when data provided by the attacker is saved by the server and then permanently displayed on "normal" pages returned to other users in the course of regular browsing.

Proof of Concept

Check this video for POC: Video

Impact

This can allow attackers to execute arbitrary JavaScript code in different contexts for different purposes (e.g. a malicious attacker could potentially steal the victim's session cookies and completely take over their account).
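As an added illustration of the defensive point (this is not phpMyFAQ's code and not the fix commit referenced in the thread), the snippet below renders the payload quoted later in this report first raw and then HTML-encoded, with a small regression check a maintainer could keep; the function and variable names are hypothetical.

```php
<?php
// Added example, not phpMyFAQ's own code. Function and variable names
// (render_stored_raw, render_stored_escaped, $storedValue) are hypothetical.
declare(strict_types=1);

// Constructed sample: the payload quoted in the report, as it would sit in
// the database after a stored-XSS submission.
$storedValue = '<img src=x onerror=alert(0)>';

// Vulnerable pattern: a stored, user-controlled string is interpolated into
// element content unchanged, so the browser parses the stored markup and
// fires the onerror handler for every visitor of the page.
function render_stored_raw(string $value): string
{
    return '<h1>' . $value . '</h1>';
}

// Hardened pattern: encode for the HTML context at output time. ENT_QUOTES
// also encodes single and double quotes, so the same helper is safe to use
// inside quoted attribute values; ENT_SUBSTITUTE avoids returning an empty
// string on invalid UTF-8 instead of silently dropping the content.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_stored_escaped(string $value): string
{
    return '<h1>' . escape_html($value) . '</h1>';
}

// Regression check: the rendered page must never contain the stored value
// with its tag delimiters intact.
function contains_raw_markup(string $html, string $stored): bool
{
    return strpos($html, $stored) !== false;
}

echo render_stored_raw($storedValue), PHP_EOL;
echo render_stored_escaped($storedValue), PHP_EOL;

assert(contains_raw_markup(render_stored_raw($storedValue), $storedValue) === true);
assert(contains_raw_markup(render_stored_escaped($storedValue), $storedValue) === false);
```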

We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back 2 years ago
Thorsten Rinne validated this vulnerability 2 years ago
0x7zed has been awarded the disclosure bounty
The fix bounty is now up for grabs
Thorsten Rinne
2 years ago

Maintainer


Which browser do you use here? I cannot reproduce it with the current version of Brave.

0x7zed
2 years ago

Researcher


I don't think it's a browser issue; I was able to reproduce the issue with this payload <img src=x onerror=alert(0)> in the current version of Brave.

Thorsten Rinne submitted a
2 years ago
Thorsten Rinne submitted a
2 years ago
Thorsten Rinne marked this as fixed in 3.0.10 with commit 560239 2 years ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability will not receive a CVE
Meta.php#L172-L174 has been validated
Meta.php#L64-L66 has been validated