WRITEUP

WRITEUP

Exploit for CVE-2023-0791 - Phpmyfaq < 3.1.11 - XSS

AI Analysis

The patch addresses a Cross-Site Scripting (XSS) vulnerability in phpMyFAQ by adding input escaping for user-provided values in the admin interface. The fix introduces an escape function to sanitize instance and comment fields before rendering them in HTML.

Attack Type

XSS

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1059.007 - JavaScript

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Type patch

Files 1

https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce

Authors

Thorsten Rinne

Vulnerability

CVE-2023-0791

Phpmyfaq < 3.1.11 - XSS

HIGH

CVSS 8.3