NetbyteSEC Security Advisory - Multiple Stored XSS vulnerabilities in phpMyFAQ
Vulnerable Version: prior to 3.1.9
Fixed Version: 3.1.10
CVE ID: CVE-2023-0313
Author: Baharuddin Zulkifli | NetbyteSEC
Proof of Concept
Figure 1: HTTP POST request
Solution
Update to phpMyFAQ version v3.1.10.
Timeline
2022-12-13: Private disclosure report submitted on the https://huntr.dev/ platform
2022-12-14: Developer acknowledged the report
2023-01-06: The developer gave notice that this vulnerability has been fixed in the next release, v3.1.10
2023-01-16: Public release of security advisory
NetbyteSEC Sdn Bhd
NetbyteSEC Sdn Bhd was incorporated under the Malaysian Companies Act 1965 in 2013.
NetbyteSEC is privately owned and is based in Cyberjaya, Selangor, Malaysia.
More information about NetbyteSEC Sdn Bhd can be found at: