Security Research & Advisories

Stored Cross-Site Scripting (XSS) in FAQ Management System v1.0

Vendor:
Product: FAQ Management System
Affected Version(s): 1.0 and probably prior
Tested Version(s): 1.0
Vendor Notification: 22 February 2024
Advisory Publication: 22 February 2024 [without technical details]
Vendor Fix: N/A
Public Disclosure: 25 March 2024
Latest Modification: 01 March 2024
CVE Identifier: CVE-2024-27719
Product Description: FAQ Management System is a tool designed to simplify the process of managing frequently asked questions (FAQs), providing users with a seamless interface to add, update, and delete FAQs.
Credits: Josué Cruz Mier, Security Researcher & Penetration Tester @wizlynx group

Vulnerability Details

Stored Cross-Site Scripting (XSS)
Severity: Medium
CVSS Score: 6.1
CWE-ID: CWE-79
Status: Open
Vulnerability Description
Version 1.0 of the FAQ Management System web application is affected by a stored Cross-Site Scripting (XSS) vulnerability. An attacker might exploit this issue to execute arbitrary script code in the browser of an unsuspecting user while they are browsing the affected application.
CVSS Base Score
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

PoC

Demonstration

On the web application’s homepage, we used the “Add FAQ” functionality to insert a new entry:

The following screenshot illustrates how the <img/src=x onerror=alert(document.domain)> payload could be injected into the "Frequently Asked Question" field:

As seen from the following Burp request, the application accepted the payload from the “question” parameter and stored it within the web application:

Finally, we revisited the web application's homepage to observe the appearance of the popup window.
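
Because the advisory lists no vendor fix, the following added example (not code from the advisory or from the product) shows the flaw class on the "question" field next to a render-time encoding fix, with a markup audit that can serve as a regression test. The row layout, template, function names and allowed-tag list are assumptions, since the product's own rendering code is not shown on this page.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the advisory's PoC for the "question" parameter.
PAYLOAD = "<img/src=x onerror=alert(document.domain)>"

# Constructed sample rows; the field names are assumptions.
STORED_FAQS = [
    {"question": "How do I reset my password?", "answer": "Use the reset link."},
    {"question": PAYLOAD, "answer": "n/a"},
]

TEMPLATE = "<li><h3>{q}</h3><p>{a}</p></li>"  # hypothetical homepage template


def render_vulnerable(faqs):
    """Place stored text into markup unchanged (the CWE-79 pattern)."""
    return "".join(TEMPLATE.format(q=f["question"], a=f["answer"]) for f in faqs)


def render_hardened(faqs):
    """HTML-encode every stored field at output time."""
    return "".join(
        TEMPLATE.format(q=html.escape(f["question"]), a=html.escape(f["answer"]))
        for f in faqs
    )


class MarkupAudit(HTMLParser):
    """Record elements or event-handler attributes the template never emits."""

    ALLOWED_TAGS = {"li", "h3", "p"}  # tags used by TEMPLATE above

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.ALLOWED_TAGS:
            self.findings.append(f"unexpected element <{tag}>")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")


def audit(markup):
    """Return findings for rendered markup; an empty list means clean."""
    parser = MarkupAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings
```

Encoding at output time leaves the stored value untouched, so entries saved before the change are rendered as text as well.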
