Multiple Stored XSS vulnerability in phpMyFAQ

NetbyteSEC Security Advisory - Multiple Stored XSS vulnerability in phpMyFAQ

Title: Multiple Stored XSS Vulnerabilities in phpMyFAQ
Advisory ID: NBS-2023-0001
Product: phpMyFAQ
Vulnerable Version: prior to 3.1.9
Fixed Version: 3.1.10
CVE ID: CVE-2023-0313
Date of Discovery: Dec 13th 2022
Author: Baharuddin Zulkifli | NetbyteSEC

Product Description

phpMyFAQ is an open-source FAQ web application with a completely database-driven FAQ system. It also supports various databases to store all the data such as MySQL, MariaDB, PostgreSQL, Microsoft SQL Server, and SQLite3.



1) Stored Cross Site Scripting (XSS) 

CVE-ID: CVE-2023-0313
Risk: Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
A Cross-Site Scripting vulnerability in phpMyFAQ v3.1.9 allows attackers to execute arbitrary JavaScript code in a victim's browser. It affects multiple modules (User Management, Category, FAQ News, and Configuration Settings).

Proof of Concept

Figure 1: HTTP POST request

The snippet above shows an HTTP POST request that sends user information to the User Management module. The request body is in JSON format, and its realName field contains an HTML image tag whose onerror attribute executes a JavaScript payload that triggers an alert displaying the domain of the website.
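The following is an added example, not part of the original advisory and not phpMyFAQ's own code. It shows why a value like the realName field described above becomes stored XSS when printed unencoded, and how output encoding plus a small regression check neutralizes it. The function names, the userName key, the sample body and the table/input markup are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample body. Only the realName field is taken from the advisory;
// the userName key and all markup below are hypothetical.
$body = '{"userName":"jdoe","realName":"<img src=x onerror=alert(document.domain)>"}';

// "Before": the stored value is concatenated into the page unchanged.
function renderUserRowUnsafe(array $user): string
{
    return '<tr><td>' . $user['realName'] . '</td></tr>';
}

// Encode at output time. ENT_QUOTES covers quoted attribute values as well as
// element text; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "After": the same value, encoded in both a text and an attribute context.
function renderUserRowSafe(array $user): string
{
    $name = e($user['realName']);
    return '<tr><td>' . $name . '</td>'
         . '<td><input type="text" name="realName" value="' . $name . '"></td></tr>';
}

// Regression check: parse the rendered markup and count on* event-handler
// attributes. Markup built from encoded user data should contain none.
function countEventHandlers(string $html): int
{
    $previous = libxml_use_internal_errors(true); // tolerate fragment markup
    $doc = new DOMDocument();
    $doc->loadHTML('<table>' . $html . '</table>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $xpath = new DOMXPath($doc);
    return $xpath->query('//@*[starts-with(name(), "on")]')->length;
}

$user = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
printf("unsafe render: %d event-handler attribute(s)\n", countEventHandlers(renderUserRowUnsafe($user)));
printf("safe render:   %d event-handler attribute(s)\n", countEventHandlers(renderUserRowSafe($user)));
```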


Update to phpMyFAQ v3.1.10.


2022-12-13: Private disclosure report submitted on the platform
2022-12-14: Developer acknowledged the report
2022-12-16: Developer validated the vulnerability
2023-01-06: Developer notified that the vulnerability has been fixed in the next release, v3.1.10
2023-01-16: Public release of security advisory


NetByteSEC Sdn Bhd
NetbyteSEC Sdn Bhd was incorporated under the Malaysian Companies Act 1965 in 2013.
NetbyteSEC is privately owned and is based in Cyberjaya, Selangor, Malaysia.