Headline
GHSA-6p68-36m6-392r: phpMyFAQ Stored Cross-site Scripting at FAQ News Content
Summary
By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers.
PoC
- Edit a FAQ news, intercept the request and modify the
newsparameter in the POST body with the following payload:%3cscript%3ealert('xssContent')%3c%2fscript%3e - Browse to the particular news page and the XSS should pop up.
Impact
This allows an attacker to execute arbitrary client side JavaScript within the context of another user’s phpMyFAQ session
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-28106
phpMyFAQ Stored Cross-site Scripting at FAQ News Content
Moderate severity GitHub Reviewed Published Mar 25, 2024 in thorsten/phpMyFAQ • Updated Mar 25, 2024
Package
composer phpmyfaq/phpmyfaq (Composer)
Affected versions
= 3.2.5
Summary
By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers.
PoC
- Edit a FAQ news, intercept the request and modify the news parameter in the POST body with the following payload: %3cscript%3ealert(‘xssContent’)%3c%2fscript%3e
- Browse to the particular news page and the XSS should pop up.
Impact
This allows an attacker to execute arbitrary client side JavaScript within the context of another user’s phpMyFAQ session
References
- GHSA-6p68-36m6-392r
- thorsten/phpMyFAQ@c94b3de
Published to the GitHub Advisory Database
Mar 25, 2024
Last updated
Mar 25, 2024