Headline
CVE-2023-1756: stored XSS after XSS Filter Bypass through exporting an HTML-Document in phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
Hello,
After mitigation of all submitted XSS vulnerabilities, I was able to detect another XSS and bypass the XSS filters in the FAQ site while generating an HTML export.
Let's see :)
This is the XSS payload with XSS Ahmed 2
Only XSS Ahmed 2 will work!
Now let's export it in HTML5 and open the file; the XSS alert will be fired.
As you can see, this is the XSS payload. Let's refresh; it's stored.
Thank you for watching :)
Related news
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the FAQ site while generating an HTML Export. This has been fixed in 3.1.12.
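The missing control described above is output encoding at the export sink. The following is an added example, not phpMyFAQ's code or its 3.1.12 fix: a hypothetical exporter (exportFaqsAsHtml, e, and the sample rows are all assumptions made for illustration) that encodes every stored field when it builds the HTML file and adds a restrictive Content-Security-Policy to the exported document.

```php
<?php
declare(strict_types=1);

// Encode a value for an HTML text node or a quoted attribute value.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical exporter (not the project's API). $faqs is a list of
// ['question' => string, 'answer' => string] rows read from storage.
// Assumption: both fields are plain text, so they are encoded, not filtered.
function exportFaqsAsHtml(array $faqs, string $title): string
{
    $out  = "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n";
    // Defence in depth: the exported file may not load or run anything,
    // even if an encoding step is missed somewhere.
    $out .= "<meta http-equiv=\"Content-Security-Policy\" content=\"default-src 'none'\">\n";
    $out .= '<title>' . e($title) . "</title>\n</head>\n<body>\n";

    foreach ($faqs as $faq) {
        // Encode at the sink: stored values are never trusted, whatever
        // filtering ran when they were submitted.
        $out .= '<h2>' . e((string) $faq['question']) . "</h2>\n";
        $out .= '<p>' . nl2br(e((string) $faq['answer'])) . "</p>\n";
    }

    return $out . "</body>\n</html>\n";
}

// Constructed sample rows; the second one carries markup in both fields.
$faqs = [
    ['question' => 'How do I reset my password?',
     'answer'   => "Use the \"Forgot password\" link.\nA mail is sent to you."],
    ['question' => '<script>alert(1)</script>',
     'answer'   => '<img src=x onerror=alert(1)>'],
];

$html = exportFaqsAsHtml($faqs, 'FAQ export');

// Regression check: stored markup must appear only in encoded form.
foreach (['<script', '<img'] as $needle) {
    if (stripos($html, $needle) !== false) {
        throw new RuntimeException("unencoded markup in export: $needle");
    }
}
echo $html;
```

If a field is meant to hold rich HTML rather than plain text, encoding would destroy the formatting; in that case an allow-list HTML sanitizer has to run on the value before it is written to the export.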