3 .Click edit on ...">Store XSS in Users - vulnerability database | Vulners.com 3 .Click edit on ..."> 3 .Click edit on ..."> 3 .Click edit on ...">
Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrHainguyen0207E2542CBE-41AB-4A90-B6A4-191884C1834D
HistorySep 01, 2023 - 6:44 p.m.

Store XSS in Users

2023-09-0118:44:52
hainguyen0207
www.huntr.dev
8
security flaw
xss vulnerability
user input
malicious code
injection
bug bounty

0.0004 Low

EPSS

Percentile

14.2%

JSON

Description

I noticed, your website is very secure.

But you overlooked a flaw XSS .

Proof of Concept

Detail:

1 .Login vs admin demo account and access admin page.

2 .Create a users ,insert payload in to Real name

 test"&gt;<img src>

3 .Click edit on the user just created, detect XSS

Video Poc

https://drive.google.com/file/d/1o90LvU60Rux8_ZpucmLRF0mAbBTpDzjs/view?usp=sharing

Related

cve 1
nvd 1
osv 2
github 1
prion 1
cvelist 1
rapid7blog 1
openvas 1
cve
cve
CVE-2023-5319
2023-09-30 01:15:39
nvd
nvd
CVE-2023-5319
2023-09-30 01:15:39
osv
osv
phpMyFAQ Cross-site Scripting vulnerability
2023-09-30 03:31:49
CVE-2023-5319
2023-09-30 01:15:39
github
github
phpMyFAQ Cross-site Scripting vulnerability
2023-09-30 03:31:49
prion
prion
Cross site scripting
2023-09-30 01:15:00
cvelist
cvelist
CVE-2023-5319 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
2023-09-30 00:00:16
rapid7blog
rapid7blog
Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
2023-07-18 15:28:45
openvas
openvas
phpMyFAQ < 3.1.18 Multiple Vulnerabilities
2023-10-03 00:00:00

0.0004 Low

EPSS

Percentile

14.2%

JSON
Related for E2542CBE-41AB-4A90-B6A4-191884C1834D
cve1nvd1osv2github1prion1cvelist1rapid7blog1openvas1