Lucene search

4 matches found

Veracode
added 2023/02/20 3:47 p.m., 22 views

Cross-site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the missing conversion for HTML entities in report.view.php, allowing an attacker to inject and execute malicious JavaScript through the FAQ-Proposal, which leads to an admin account takeover...

CVSS 8.4 | AI score 5.3 | EPSS 0.0042
Exploits: 1 | References: 4 | Affected Software: 2
Veracode
added 2023/02/19 9:38 a.m., 21 views

Stored HTML Injection

phpmyfaq is vulnerable to Stored HTML Injection. The vulnerability exists due to improper handling of inputs through the FAQ-Proposal Form, which allows an attacker to inject and execute malicious HTML content in the web page when an admin views the proposal, possibly leading to code execution...

CVSS 9.8 | AI score 9 | EPSS 0.07757
Exploits: 0 | References: 5 | Affected Software: 2
Huntr
added 2023/01/26 4:9 p.m., 34 views

stored Blind XSS in Admin Panel through FAQ-Proposal leads to Admin Full Account Takeover

Hello. Vulnerability: Blind XSS in Admin Panel while generating Report 1. Without being logged in the Application 2. Go to FAQ-Proposal - put an XSS Payload like alert'1' in the question Field 4. Send the Proposal ------ 4. Admin will login 5. The Proposal will pop up in the Category you specifi...

CVSS 4.3 | AI score 5 | EPSS 0.0042
Exploits: 1 | References: 1
Huntr
added 2023/01/24 12:1 a.m., 17 views

stored HTML-Injection in the FAQ-Proposal

Dear Ladies and Gentlemen, First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my Brother Josef Hassan [email protected] and I were able to identify another stored HTML-Injection Vulnerability in the FAQ-Proposal Form. The Process of the...

CVSS 7.5 | AI score 9 | EPSS 0.07757
Exploits: 0 | References: 1