CVE-2023-6889: stored XSS Bypass in the TAGS Section and other places in the application in phpmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.

Hello,

I was able to bypass the XSS Protection and get a stored XSS using the XSS Payload in the Video and Screenshots.

Thank you for your time and effort.

Best regards, Ahmed Hassan

References

  • stored XSS Bypass in the TAGS Section - Screenshot 1
  • stored XSS Bypass in the TAGS Section - Video PoC
  • stored XSS Bypass in the TAGS Section - Screenshot 2
  • stored XSS Bypass in the TAGS Section - Video PoC 2

Related news

GHSA-w8xj-992g-842f: phpMyFAQ Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
