WRITEUP

WRITEUP

Exploit for CVE-2023-1760 - thorsten/phpmyfaq <3.1.12 - XSS

AI Analysis

The patch demonstrates a fix for CVE-2023-1760, which involves missing HTML entity conversion in phpMyFAQ's UserHelper.php. The vulnerability likely allows XSS due to unsanitized user input in the display_name field.

Attack Type

XSS

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1059.007 - JavaScript

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Type patch

Files 1

https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770

Authors

Thorsten Rinne

Vulnerability

CVE-2023-1760

thorsten/phpmyfaq <3.1.12 - XSS

MEDIUM

CVSS 4.8