{
  "schema_version": "1.4.0",
  "id": "GHSA-48vw-jpf8-hwqh",
  "modified": "2024-03-25T22:31:35Z",
  "published": "2024-03-25T19:45:23Z",
  "aliases": [
    "CVE-2024-28108"
  ],
  "summary": "phpMyFAQ Stored HTML Injection at contentLink",
  "details": "### Summary\nDue to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._\n\n### PoC\n1. Browse to ../phpmyfaq/index.php?action=add&cat=0 , enter `https://test.com?p=<h1>HTML_INJECTION</h1>` for the contentLink parameter.\n![image](https://github.com/thorsten/phpMyFAQ/assets/63487456/4925d1ab-aa64-4781-8a44-f4c30cb8499c)\n\n2. Verify the HTML injection by viewing the FAQ itself, “All categories” → “CategoryName” → ”QuestionName”.\n![image](https://github.com/thorsten/phpMyFAQ/assets/63487456/54b077d8-fab4-4cb6-870c-f19fc25d8252)\n\n### Impact\nAttackers can manipulate the appearance and functionality of web pages by injecting malicious HTML code. This can lead to various undesirable outcomes, such as defacing the website, redirecting users to malicious sites, or altering the content to deceive users. Additionally, unauthenticated HTML injection can compromise user privacy by displaying sensitive information or misleading content. It undermines the integrity of the application and erodes user trust, potentially resulting in loss of reputation and credibility. ",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "phpmyfaq/phpmyfaq"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "3.2.5"
            },
            {
              "fixed": "3.2.6"
            }
          ]
        }
      ],
      "versions": [
        "3.2.5"
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28108"
    },
    {
      "type": "WEB",
      "url": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/thorsten/phpMyFAQ"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-80"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-25T19:45:23Z",
    "nvd_published_at": "2024-03-25T19:15:58Z"
  }
}