PHPMyFAQ 2.9.8 Cross-Site Scripting

2017.09.22
Credit: Ishaq Mohammed
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2017-14618
CWE: N/A


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: phpMyFAQ 2.9.8 Stored XSS # Vendor Homepage: http://www.phpmyfaq.de/ # Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip # Exploit Author: Ishaq Mohammed # Contact: https://twitter.com/security_prince # Website: https://about.me/security-prince # Category: webapps # CVE: CVE-2017-14618 1. Description Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14618 2. Proof of Concept Steps to Reproduce: 1. Open the affected link " http://localhost/phpmyfaq/admin/?action=editentry" with logged in user with administrator privileges 2. Enter the <a onmouseover=alert(document.cookie)>xss link</a> in the “Questions” 3. Save the FAQ 4. Login using any other user or simply click on the phpMyFAQ on the top-right hand side of the web portal 5. Click on the latest FAQ added 6. Hover around the name "xss link" 3. Solution: The issue is now patched by the vendor https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86

References:

https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top