Lucene search

GitHub Advisory DatabaseGHSA-6P68-36M6-392R

HistoryMar 25, 2024 - 7:45 p.m.

phpMyFAQ Stored Cross-site Scripting at FAQ News Content

2024-03-2519:45:52

CWE-79

GitHub Advisory Database

github.com

stored cross-site scripting

faq news

post request

javascript

impact

phpmyfaq

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Summary

By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers.

PoC

Edit a FAQ news, intercept the request and modify the news parameter in the POST body with the following payload: %3cscript%3ealert('xssContent')%3c%2fscript%3e
Browse to the particular news page and the XSS should pop up.

Impact

This allows an attacker to execute arbitrary client side JavaScript within the context of another user’s phpMyFAQ session

Affected configurations

Vulners

Node

phpmyfaqphpmyfaqMatch3.2.5

CPENameOperatorVersion
phpmyfaq/phpmyfaqeq3.2.5

CPE	Name	Operator	Version
	phpmyfaq/phpmyfaq	eq	3.2.5

References

github.com/advisories/GHSA-6p68-36m6-392r

github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a

github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r

nvd.nist.gov/vuln/detail/CVE-2024-28106