CVE-2017-14619 - PHPMyFAQ 2.9.8 - Cross-Site Scripting
Security Advisory: CVE-2017-14619 - PHPMyFAQ 2.9.8 - Cross-Site Scripting
OVERVIEW
Severity Rating: Medium
Confirmed Affected Versions: 2.9.8
Confirmed Patched Versions: 2.9.9
Vendor: phpMyFAQ
Vendor URL: http://www.phpmyfaq.de/
Vector: Remote
Status: Public
CVE: CVE-2017-14619
ExploitDB URL: https://www.exploit-db.com/exploits/42987/
phpMyFAQ Security Advisory: http://www.phpmyfaq.de/security/advisory-2017-10-19
PRODUCT DESCRIPTION
phpMyFAQ is a multilingual, completely database-driven FAQ-system. It supports various databases to store all data, PHP 5.4.4+ or HHVM 3.4.2+ is needed in order to access this data. phpMyFAQ also offers a multi-language Content Management System with a WYSIWYG editor and an Image Manager, flexible multi-user support with user and group based permissions on categories and records, a wiki-like revision feature, a news system, user-tracking, 40+ supported languages, enhanced automatic content negotiation, HTML5/CSS3 based templates, PDF-support, a backup-system, a dynamic sitemap, related FAQs, tagging, RSS feeds, built-in spam protection systems, OpenLDAP and Microsoft Active Directory support, and an easy to use installation script.
phpMyFAQ is developed and maintained by Thorsten Rinne
SUMMARY AND IMPACT
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the “Title of your FAQ” field in the Configuration Module.
In phpMYFAQ Administrator has the privilege to edit the Configuration of the phpMyFAQ Portal, wherein he can also change the title of the Portal. The “Title of your FAQ” field does not properly filter and sanitize the user input which thus, results into a Stored Cross Site Scripting Vulnerability.
Whenever any user visits this portal, the admin’s (attacker’s) malicious JavaScript will be executed by the title on the user’s browser.
PROOF OF CONCEPT
https://www.youtube.com/watch?v=iVbsxOcAqZw
WORKAROUNDS
There is no workaround except for updating to the latest version of phpMyFAQ from here
Advisory Update: November 13, 2017