phpMyFAQ 2.9.8 Stored XSS

vendor:

phpMyFAQ

by:

Ishaq Mohammed

6,1

CVSS

MEDIUM

Stored XSS

CWE

Product Name: phpMyFAQ

Affected Version From: 2.9.8

Affected Version To: 2.9.8

Patch Exists: NO

Related CWE: CVE-2017-14619

CPE: 2.9.8

Metasploit: https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2017-14619/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2017

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the 'Title of your FAQ' field in the Configuration Module.

Mitigation:

The Vulnerability will be fixed in the next release of phpMyFAQ.

Source

Exploit-DB raw data:

# Exploit Title: phpMyFAQ 2.9.8 Stored XSS
# Vendor Homepage: http://www.phpmyfaq.de/
# Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip
# Exploit Author: Ishaq Mohammed
# Contact: https://twitter.com/security_prince
# Website: https://about.me/security-prince
# Category: webapps
# CVE: CVE-2017-14619

1. Description

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows
remote attackers to inject arbitrary web script or HTML via the "Title of
your FAQ" field in the Configuration Module.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14619
https://securityprince.blogspot.fr/2017/10/cve-2017-14619-phpmyfaq-298-cross-site_92.html

2. Proof of Concept

Steps to Reproduce:

   1. Open the affected link http://localhost/phpmyfaq/admin/?action=config
   with logged in user with administrator privileges
   2. Enter the <marquee onscroll=alert(document.cookie)> in the “Title of
   your FAQ field”
   3. Save the Configuration
   4. Login using any other user or simply click on the phpMyFAQ on the
   top-right hand side of the web portal


3. Solution:

The Vulnerability will be fixed in the next release of phpMyFAQ