
CVE-2023-1757: thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter

CVSS Score
8.1 (CVSS 3.1)

Basic Information

EPSS Score
0.24556%
Published
4/5/2023
Updated
4/6/2023
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Package Name
thorsten/phpmyfaq
Ecosystem
composer
Vulnerable Versions
< 3.1.12
First Patched Version
3.1.12

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability arises from improper input sanitization and output encoding. The commit diff shows that in News.php, the 'linkTitle' field was not escaped with Strings::htmlentities() before being rendered, directly enabling XSS. Additionally, the form handling code in admin/news.php initially used insufficient input filters (FILTER_SANITIZE_SPECIAL_CHARS/FILTER_UNSAFE_RAW) for the 'link' parameter, but this code is procedural and lacks a named function. The most clearly identifiable vulnerable function is getNews, where missing output encoding directly caused the XSS.
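An added illustration, not phpMyFAQ's own code, of the two rendering paths the analysis describes: a hypothetical renderNewsLinkVulnerable() that interpolates the stored link title as-is, beside renderNewsLinkFixed(), which HTML-encodes every value at output time using PHP's built-in htmlspecialchars() in place of the Strings::htmlentities() call the fix adds. The stored news record is a constructed sample.

```php
<?php
// Added example, not phpMyFAQ code. Models the getNews() rendering path
// from the root cause analysis with hypothetical helper functions.

// Constructed sample record, standing in for a row written by admin/news.php.
// Input filters applied on the admin form are a separate layer; the control
// the fix adds is encoding at the point of output.
$storedNews = [
    'link'      => 'https://example.com/changelog',
    'linkTitle' => '<script>alert(1)</script>',   // constructed, not a real record
];

// Vulnerable path: linkTitle is placed into the HTML without escaping,
// so any markup stored in it is parsed by the browser.
function renderNewsLinkVulnerable(array $news): string
{
    return sprintf('<a href="%s">%s</a>', $news['link'], $news['linkTitle']);
}

// Fixed path: each untrusted value is HTML-encoded when rendered.
// ENT_QUOTES also encodes ' and " so the value is safe inside attributes.
function renderNewsLinkFixed(array $news): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // Defensive extra (assumption, not from the page): only allow http(s)
    // links so a stored javascript: URL cannot become a clickable href.
    $link = preg_match('#^https?://#i', $news['link']) ? $news['link'] : '#';

    return sprintf('<a href="%s">%s</a>', $enc($link), $enc($news['linkTitle']));
}

echo renderNewsLinkVulnerable($storedNews), PHP_EOL;
echo renderNewsLinkFixed($storedNews), PHP_EOL;
```

Running the script prints the first anchor with the script element intact and the second with it reduced to inert `&lt;script&gt;` text, which is the difference between the unpatched and patched getNews output.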


WAF Protection Rules

WAF Rule

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the FAQ News link parameter. This has been fixed in 3.1.12.
