Stored cross site scripting vulnerability in “name” field in add question module. This allows attacker to stolen user cookies.
1 . Login to the demo account https://roy.demo.phpmyfaq.de/
2 . Login as demo user
3 . Click add question
4 . Add payload in “Your Name” (payload = "><img src> )
5 . Fill the question form and submit.
6 . Now login to admin account and go to dashboard
7 . Go to open questions
8 . Click “answer the question” the payload question earlier you added
9 . Alert will popup