GHSA-6p68-36m6-392r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6p68-36m6-392r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-6p68-36m6-392r/GHSA-6p68-36m6-392r.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-6p68-36m6-392r
- Aliases
- Published
- 2024-03-25T19:45:52Z
- Modified
- 2024-03-25T22:28:12Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- phpMyFAQ Stored Cross-site Scripting at FAQ News Content
- Details
-
Summary
By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers.
PoC
- Edit a FAQ news, intercept the request and modify the
newsparameter in the POST body with the following payload:%3cscript%3ealert('xssContent')%3c%2fscript%3e - Browse to the particular news page and the XSS should pop up.
Impact
This allows an attacker to execute arbitrary client side JavaScript within the context of another user's phpMyFAQ session
- Edit a FAQ news, intercept the request and modify the
- Database specific
{ "nvd_published_at": "2024-03-25T19:15:58Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-03-25T19:45:52Z" }- References
Affected packages
Packagist / phpmyfaq/phpmyfaq
Package
- Name
- phpmyfaq/phpmyfaq
- Purl
- pkg:composer/phpmyfaq/phpmyfaq