Security Advisory: CVE-2017-14618 - PHPMyFAQ 2.9.8 - Cross-Site Scripting
Severity Rating: Medium
Confirmed Affected Versions: 2.9.8
Confirmed Patched Versions: 2.9.9
Vendor URL: http://www.phpmyfaq.de/
ExploitDB URL: https://www.exploit-db.com/exploits/42761/
phpMyFAQ Security Advisory: http://www.phpmyfaq.de/security/advisory-2017-10-19
phpMyFAQ is a multilingual, completely database-driven FAQ-system. It supports various databases to store all data, PHP 5.4.4+ or HHVM 3.4.2+ is needed in order to access this data. phpMyFAQ also offers a multi-language Content Management System with a WYSIWYG editor and an Image Manager, flexible multi-user support with user and group based permissions on categories and records, a wiki-like revision feature, a news system, user-tracking, 40+ supported languages, enhanced automatic content negotiation, HTML5/CSS3 based templates, PDF-support, a backup-system, a dynamic sitemap, related FAQs, tagging, RSS feeds, built-in spam protection systems, OpenLDAP and Microsoft Active Directory support, and an easy to use installation script.
phpMyFAQ is developed and maintained by Thorsten Rinne
SUMMARY AND IMPACT
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an “Add New FAQ” action.
In phpMYFAQ Administrator has the privilege to “Add New FAQ” on the phpMyFAQ Portal. The “Questions” field does not properly filter and sanitize the user input which thus, results into a Stored Cross Site Scripting Vulnerability.
PROOF OF CONCEPT
There is no workaround except for updating to the latest version of phpMyFAQ from here
Advisory Update: November 13, 2017