CVE-2024-28106
MEDIUM 4.3 | EPSS 0.16%
phpMyFAQ Stored Cross-site Scripting at FAQ News Content
Published: 3/25/2024 | Modified: 3/25/2024
Also known as: GHSA-6p68-36m6-392r
Description
### Summary
By manipulating the `news` parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers.

### PoC
1. Edit a FAQ news, intercept the request and modify the `news` parameter in the POST body with the following payload: `%3cscript%3ealert('xssContent')%3c%2fscript%3e`
2. Browse to the particular news page and the XSS should pop up.

### Impact
This allows an attacker to execute arbitrary client side JavaScript within the context of another user's phpMyFAQ session.
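For detection and triage, the check below decodes a form-encoded POST body, inspects the `news` field for script-capable markup, and shows what the value looks like once HTML-encoded on output. It is an added example, not phpMyFAQ code and not the project's fix; the `id` and `active` fields and the function name are constructed for illustration, and output encoding is assumed to be appropriate only where the field is meant to hold plain text.

```python
import html
import re
from urllib.parse import parse_qs

# Markup that can run script if a stored value is rendered without encoding.
ACTIVE_MARKUP = re.compile(
    r"<\s*(?:script|iframe|object|embed|svg)\b"  # script-capable elements
    r"|\bon[a-z]+\s*="                           # inline event handlers
    r"|javascript\s*:",                          # javascript: URLs
    re.IGNORECASE,
)

def inspect_news_post(body: str) -> dict:
    """Decode a form-encoded POST body and assess its `news` field."""
    fields = parse_qs(body, keep_blank_values=True)  # also undoes %xx and '+'
    value = fields.get("news", [""])[0]
    matches = sorted({m.group(0).lower() for m in ACTIVE_MARKUP.finditer(value)})
    return {
        "decoded": value,
        "suspicious": bool(matches),
        "matches": matches,
        # What a template would emit if it HTML-encoded the value on output.
        "encoded_for_html": html.escape(value, quote=True),
    }

# Constructed request bodies; only `news` and the payload come from the advisory.
SAMPLE_FLAGGED = "id=1&news=%3cscript%3ealert('xssContent')%3c%2fscript%3e&active=y"
SAMPLE_BENIGN = "id=2&news=Release+3.2.6+is+available&active=y"

if __name__ == "__main__":
    for body in (SAMPLE_FLAGGED, SAMPLE_BENIGN):
        result = inspect_news_post(body)
        print(result["suspicious"], result["matches"], result["encoded_for_html"])
```

Where news content is expected to carry rich HTML, an allow-list sanitizer is needed in place of plain encoding, and a pattern match like this one serves only as a triage signal over stored rows or request logs.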
Affected packages (1)
- Packagist/phpmyfaq/phpmyfaq >= 3.2.5, < 3.2.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L |