# Exploit Title: phpMyFAQ 2.9.8 Stored XSS # Vendor Homepage: http://www.phpmyfaq.de/ # Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip # Exploit Author: Ishaq Mohammed # Contact: https://twitter.com/security_prince # Website: https://about.me/security-prince # Category: webapps # CVE: CVE-2017-14619 1. Description Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14619 2. Proof of Concept Steps to Reproduce: 1. Open the affected link http://localhost/phpmyfaq/admin/?action=config with logged in user with administrator privileges 2. Enter the in the aTitle of your FAQ fielda 3. Save the Configuration 4. Login using any other user or simply click on the phpMyFAQ on the top-right hand side of the web portal 3. Solution: The Vulnerability will be fixed in the next release of phpMyFAQ -- Best Regards, Ishaq Mohammed https://about.me/security-prince