Vendor | |
Product | FAQ Management System |
Affected Version(s) | 1.0 and probably prior |
Tested Version(s) | 1.0 |
Vendor Notification | 22 February 2024 |
Advisory Publication | 22 February 2024 [without technical details] |
Vendor Fix | N/A |
Public Disclosure | 25 March 2024 |
Latest Modification | 01 March 2024 |
CVE Identifier | CVE-2024-27719 |
Product Description | FAQ Management System is a tool designed to simplify the process of managing frequently asked questions (FAQs), providing users with a seamless interface to add, update, and delete FAQs. |
Credits | Josué Cruz Mier, Security Researcher & Penetration Tester @wizlynx group |
Stored Cross Site Scripting (XSS)
Severity: Medium | CVSS Score: 6.1 | CWE-ID: CWE-79 | Status: Open |
Vulnerability Description
Version 1.0 of the FAQ Management System web application is affected by a stored Cross-Site Scripting (XSS) vulnerability. An attacker might exploit this issue to execute arbitrary script code in the browser of an unsuspecting user while they are browsing the affected application.
CVSS Base Score
Attack Vector | Network | Scope | Changed |
Attack Complexity | Low | Confidentiality Impact | Low |
Privileges Required | None | Integrity Impact | Low |
User Interaction | Required | Availability Impact | None |
When visiting the web application’s homepage, we utilized the “Add FAQ” functionality to insert a new entry:
The following screenshot illustrates how the <img/src=x onerror=alert(document.domain)> payload could be injected into the "Frequently Asked Question" field:
As seen from the following Burp request, the application accepted the payload from the “question” parameter and stored it within the web application:
Finally, we revisited the web application's homepage to observe the appearance of the popup window.
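
The behaviour described above is closed by encoding the stored "question" value when it is written into the page, and, since no vendor fix is listed, by reviewing entries already in storage. The following is an added example, not code from the advisory or from FAQ Management System; the row layout, the "answer" field and all function names are assumptions for illustration.

```javascript
// Added illustration; not code from FAQ Management System.
// Sample rows are constructed. The "question" field mirrors the parameter
// named in the advisory; "answer" and "id" are assumed.
const storedFaqs = [
  { id: 1, question: "How do I reset my password?", answer: "Use the reset link." },
  { id: 2, question: "<img/src=x onerror=alert(document.domain)>", answer: "n/a" },
];

// Vulnerable pattern: stored text is concatenated into HTML unchanged,
// so markup saved through "Add FAQ" becomes live markup for every visitor.
function renderFaqUnsafe(faq) {
  return `<li><h3>${faq.question}</h3><p>${faq.answer}</p></li>`;
}

// Encode the five characters that are significant in HTML text and
// quoted-attribute contexts.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: encode on output, for every stored field, on every render.
function renderFaqSafe(faq) {
  return `<li><h3>${escapeHtml(faq.question)}</h3><p>${escapeHtml(faq.answer)}</p></li>`;
}

// Audit helper: return the ids of stored rows that contain markup-like text,
// so entries saved before output encoding was in place can be reviewed.
// This locates candidates only; the encoding above is the actual control.
function findSuspectFaqs(faqs) {
  const markup = /<\s*\/?\s*[a-z!]|&#|\bon\w+\s*=|javascript:/i;
  return faqs
    .filter((f) => markup.test(f.question) || markup.test(f.answer))
    .map((f) => f.id);
}

console.log(renderFaqUnsafe(storedFaqs[1])); // raw <img ...> tag reaches the page
console.log(renderFaqSafe(storedFaqs[1]));   // same text, rendered as inert characters
console.log(findSuspectFaqs(storedFaqs));    // ids of rows to review
```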