{ "schema_version": "1.4.0", "id": "GHSA-6p68-36m6-392r", "modified": "2024-03-25T22:28:12Z", "published": "2024-03-25T19:45:52Z", "aliases": [ "CVE-2024-28106" ], "summary": "phpMyFAQ Stored Cross-site Scripting at FAQ News Content", "details": "### Summary\nBy manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers.\n\n### PoC\n1. Edit a FAQ news, intercept the request and modify the `news` parameter in the POST body with the following payload: `%3cscript%3ealert('xssContent')%3c%2fscript%3e`\n2. Browse to the particular news page and the XSS should pop up.\n![image](https://github.com/thorsten/phpMyFAQ/assets/63487456/01312703-c54c-4ee6-9f2c-0dd1bf1b23cf)\n\n### Impact\nThis allows an attacker to execute arbitrary client side JavaScript within the context of another user's phpMyFAQ session", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L" } ], "affected": [ { "package": { "ecosystem": "Packagist", "name": "phpmyfaq/phpmyfaq" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "3.2.5" }, { "fixed": "3.2.6" } ] } ], "versions": [ "3.2.5" ] } ], "references": [ { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28106" }, { "type": "WEB", "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a" }, { "type": "PACKAGE", "url": "https://github.com/thorsten/phpMyFAQ" } ], "database_specific": { "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-03-25T19:45:52Z", "nvd_published_at": "2024-03-25T19:15:58Z" } }