PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)







# Exploit Title: phpMyFAQ 2.9.8 Stored XSS
# Vendor Homepage:
# Software Link:
# Exploit Author: Ishaq Mohammed
# Contact:
# Website:
# Category: webapps
# CVE: CVE-2017-14618

1. Description

Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ
through 2.9.8 allows remote attackers to inject arbitrary web script or
HTML via the Questions field in an "Add New FAQ" action.

2. Proof of Concept

Steps to Reproduce:

   1. Open the affected link "
   http://localhost/phpmyfaq/admin/?action=editentry" with logged in user
   with administrator privileges
   2. Enter the <a onmouseover=alert(document.cookie)>xss link</a> in the
   3. Save the FAQ
   4. Login using any other user or simply click on the phpMyFAQ on the
   top-right hand side of the web portal
   5. Click on the latest FAQ added
   6. Hover around the name "xss link"

3. Solution:

This vulnerability will be fixed in phpMyFAQ 2.9.9