huntr / Chucsse / 8282D78E-F399-4BF4-8403-F39103A31E78
May 04, 2023 - 10:32 a.m.

Stored XSS in module FAQ News

2023-05-04 10:32:27
chucsse
www.huntr.dev

EPSS: 0.001 (Low), Percentile: 30.6%

Description

When admins create a FAQ News entry, they can pass XSS to the “text of the record” section.

Proof of Concept

1. Log in to the admin account

2. In the CONTENT section, click on FAQ News

3. Add any type of source code and make sure to select the FAQ status as published

4. Turn on intercept in Burp and click save

5. We change the parameter answer=…payload… and press forward, where the payload is:

   &lt;iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'&gt;

6. Go to the user account demo

7. On the homepage of the search section, the XSS will trigger

VIDEO POC

https://drive.google.com/file/d/1wFY-7Yh_vhcbdyApXo_iv7elbi57WXI9/view?usp=sharing
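
One way to reject this input server-side before the FAQ record is stored, as an added example (not code from the report or from the affected project): a fail-closed allowlist check for the answer field. The function name, the tag and attribute allowlist and the sample strings are assumptions made for illustration.

```javascript
// Added example: fail-closed allowlist validation for a stored rich-text field.
// The tag/attribute allowlist is an assumption, not the affected project's policy.
const ALLOWED = new Map([
  ["p", []], ["br", []], ["b", []], ["i", []], ["strong", []], ["em", []],
  ["ul", []], ["ol", []], ["li", []], ["code", []], ["pre", []],
  ["a", ["href", "title"]],
]);
const ATTR_SRC = `[a-zA-Z-]+=(?:"[^"<>]*"|'[^'<>]*')`;
const TAG = new RegExp(`^<(/?)([a-zA-Z][a-zA-Z0-9]*)((?:\\s+${ATTR_SRC})*)\\s*/?>`);
const ATTR = /([a-zA-Z-]+)=(?:"([^"<>]*)"|'([^'<>]*)')/g;
const SAFE_HREF = /^(?:https?:\/\/|mailto:|\/|#)/i;

// Returns { ok, problems }. Anything that is not a well-formed, allowlisted
// tag is reported, so unknown or malformed markup is rejected by default.
function validateRichText(html) {
  const problems = [];
  let pos = 0;
  while ((pos = html.indexOf("<", pos)) !== -1) {
    const m = TAG.exec(html.slice(pos));
    if (!m) {
      problems.push(`unparseable markup at offset ${pos}`);
      pos += 1;
      continue;
    }
    const [whole, closing, rawName, attrs] = m;
    const name = rawName.toLowerCase();
    pos += whole.length;
    if (!ALLOWED.has(name)) {
      problems.push(`tag <${name}> is not allowed`);
      continue;
    }
    if (closing && attrs) problems.push(`attributes on closing </${name}>`);
    for (const [, rawAttr, dq, sq] of attrs.matchAll(ATTR)) {
      const attr = rawAttr.toLowerCase();
      const value = dq ?? sq;
      if (!ALLOWED.get(name).includes(attr)) {
        problems.push(`attribute ${attr} is not allowed on <${name}>`);
      } else if (attr === "href" && !SAFE_HREF.test(value)) {
        problems.push(`unsafe href on <${name}>`);
      }
    }
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample modelled on the step 5 payload: the handler sits inside
// srcdoc, which the browser entity-decodes and parses as a nested document.
const sample = "<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>";
console.log(validateRichText(sample));
```

The check has to run on the server when the record is saved, since step 5 changes the request after it has left the browser; encoding the stored value on output in the search view is still needed as a second layer.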
