CVE-2023-1878: Stored XSS in the adminlog functionality in phpmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.


Description

There is a stored XSS in the ‘adminlog’ functionality. For example, the page http://phpmyfaq.local/admin/?action=adminlog lists (failed) login attempts. If a user with the username ‘<script>alert(1);</script>’ tries to log in, the attempt is logged and the username is displayed on the adminlog page without sanitization.

Proof of Concept

  1. Visit http://phpmyfaq.tld/admin/index.php and try to log in with the username <script>alert(1);</script>.
  2. After the failed login attempt, visit (as admin) http://phpmyfaq.tld/admin/?action=adminlog to trigger the XSS.

You will notice the script tags being injected:

Invalid user or password.\nLogin: <script>alert(1);</script>\nErrors: Specified login could not be found. 

Fix

Sanitize $loggingValue['text'] in https://github.com/thorsten/phpMyFAQ/blob/5bd0f79d085feb255d893a67d2fcdac51f4cd2ec/phpmyfaq/admin/stat.adminlog.php#L123 before serving it to the admin user.
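A minimal PHP illustration of that fix, added here as an example and not taken from phpMyFAQ's code: the row layout, the helper names and the sample row are assumptions; only the 'text' field name comes from the advisory. It renders the same adminlog entry once unescaped (the vulnerable pattern) and once HTML-escaped for the element context.

```php
<?php
// Added example (not phpMyFAQ's own code): rendering one adminlog row safely.
// The row layout and the helper names are assumptions; 'text' is the field
// the advisory names as the one emitted unescaped.

// Constructed sample row: the failed-login entry from the advisory, with the
// attacker-controlled username embedded in the 'text' field.
$loggingValue = [
    'id'   => 1,
    'time' => '2023-04-05 10:00:00',
    'text' => "Invalid user or password.\nLogin: <script>alert(1);</script>\n"
            . "Errors: Specified login could not be found.",
];

// Vulnerable pattern: the logged text is concatenated into the HTML as-is,
// so a username containing markup becomes part of the admin page's DOM.
function renderLogRowUnsafe(array $row): string
{
    return '<tr><td>' . $row['id'] . '</td><td>' . $row['time'] . '</td><td>'
        . $row['text'] . '</td></tr>';
}

// Hardened pattern: every user-influenced value is escaped for the HTML
// element context before it is emitted. ENT_QUOTES also encodes ' and " so
// the value stays inert if it is ever placed in an attribute, ENT_SUBSTITUTE
// avoids returning an empty string on invalid UTF-8, and the explicit charset
// removes any dependence on the default_charset ini setting.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// nl2br() runs after escaping, so the only <br> tags in the output are the
// ones this function inserts for the newlines in the log text.
function renderLogRowSafe(array $row): string
{
    return '<tr><td>' . escapeHtml((string) $row['id']) . '</td><td>'
        . escapeHtml($row['time']) . '</td><td>'
        . nl2br(escapeHtml($row['text'])) . '</td></tr>';
}

// Compare the two renderings: only the unsafe one still contains a live
// <script> element; the safe one carries the payload as inert text.
$unsafe = renderLogRowUnsafe($loggingValue);
$safe   = renderLogRowSafe($loggingValue);
echo 'unsafe contains <script>: ', var_export(strpos($unsafe, '<script>') !== false, true), PHP_EOL;
echo 'safe contains <script>:   ', var_export(strpos($safe, '<script>') !== false, true), PHP_EOL;
echo $safe, PHP_EOL;
```

The same escaping must be applied to every other logged column the page emits, not just 'text'; a template engine with auto-escaping enabled achieves this by default.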

Impact

Taking over the admin account.

Related news

GHSA-gcmq-7652-x98j: thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the adminlog. This has been fixed in 3.1.12.
