Lucene search
Hainguyen02075E146E7C-60C7-498B-9FFE-FD4CB4CA8C54HistorySep 01, 2023 - 2:46 a.m.
Store XSS in FAQ Multisites
2023-09-0102:46:46
hainguyen0207
www.huntr.dev
1
xss
vulnerability
faq multisites
javascript
security
bypass
0.0004 Low
EPSS
Percentile
14.2%
Description I noticed, your website is very secure.
But you overlooked a flaw XSS
Proof of Concept
1 .Login vs admin demo account and access admin page.
2 .Go to Configuration ==> FAQ Multisites
3 . Edit Instance URL with payload:
javascript:alert(document.domain)
4 .Edit Instance path with payload:
%20
5 .Click Save instance ==Detect XSS
Video Poc
https://drive.google.com/file/d/1PoNK_Up7IEgR44NnFp-SI6O1wKWhI-ov/view?usp=sharing
Related
prion
prion
Cross site scripting
2023-09-30 01:15:00
osv
osv
CVE-2023-5317
2023-09-30 01:15:39
phpMyFaq Cross-site Scripting vulnerability
2023-09-30 03:31:49
veracode
veracode
Cross-Site Scripting (XSS)
2023-10-03 09:21:26
cve
cve
CVE-2023-5317
2023-09-30 01:15:39
cvelist
cvelist
CVE-2023-5317 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
2023-09-30 00:00:17
nvd
nvd
CVE-2023-5317
2023-09-30 01:15:39
github
github
phpMyFaq Cross-site Scripting vulnerability
2023-09-30 03:31:49
openvas
openvas
phpMyFAQ < 3.1.18 Multiple Vulnerabilities
2023-10-03 00:00:00