phpMyFAQ Stored HTML Injection Vulnerability in FAQ Entries

Vulnerability

A stored HTML injection vulnerability has been identified in phpMyFAQ versions from 3.2.10 up to, but not including, 4.0.2. It allows authenticated users to inject malicious HTML or JavaScript through the FAQ editor, which is then rendered without proper sanitization. The injected content can disrupt the user interface of the FAQ page by overlapping and obscuring buttons, images, and iframes, effectively rendering the page unusable. Exploitation can lead to a denial-of-service condition for legitimate users, degrade the overall user experience, and potentially be used for phishing or defacement attacks.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition for legitimate users, disrupt the user experience, and facilitate phishing or defacement attacks.

Reproduction

To reproduce this vulnerability, log into an affected version of phpMyFAQ and navigate to the FAQ editor. Inject a snippet of HTML that includes overlapping elements, such as images or iframes, styled to cover the entire screen. Once the entry is saved, the injected HTML will disrupt the FAQ page's layout and functionality, demonstrating the denial-of-service impact.

Remediation

Users can upgrade to phpMyFAQ version 4.0.2 or later, where this vulnerability has been patched.
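
For reviewing FAQ entries that are already stored, the following is an added example, not part of the advisory or of phpMyFAQ's code: a Python audit that flags entry HTML matching the pattern described under Reproduction (positioned elements sized to cover the page, iframes, inline script). It assumes entry bodies have been exported as HTML strings; the function names, thresholds and sample entries are constructed for illustration.

```python
import re
from html.parser import HTMLParser
# Assumed heuristics: position fixed/absolute plus a size of >=90 %/vw/vh
# or >=1000px, or a z-index of >=1000, marks a page-covering overlay.
POSITION_RE = re.compile(r"position\s*:\s*(fixed|absolute)", re.I)
SIZE_RE = re.compile(r"(?:width|height)\s*:\s*(\d+(?:\.\d+)?)\s*(%|vw|vh|px)", re.I)
ZINDEX_RE = re.compile(r"z-index\s*:\s*(\d+)", re.I)
EMBED_TAGS = {"iframe", "object", "embed", "script"}

def covers_page(match):
    value, unit = float(match.group(1)), match.group(2).lower()
    return value >= 1000 if unit == "px" else value >= 90

class OverlayAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, [reasons])

    def handle_starttag(self, tag, attrs):
        attrs = {name: value or "" for name, value in attrs}
        style = attrs.get("style", "")
        reasons = []
        if tag in EMBED_TAGS:
            reasons.append("embedded or active content")
        if any(name.startswith("on") for name in attrs):
            reasons.append("inline event handler")
        if POSITION_RE.search(style):
            big = any(covers_page(m) for m in SIZE_RE.finditer(style))
            z = ZINDEX_RE.search(style)
            if big or (z and int(z.group(1)) >= 1000):
                reasons.append("positioned element sized or stacked to cover the page")
        if reasons:
            self.findings.append((self.getpos()[0], tag, reasons))

def audit_entry(html):
    auditor = OverlayAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample entries (not taken from any real phpMyFAQ instance).
SAMPLES = {
    1: '<p>Reset steps</p><img src="help.png" style="width:100%">',
    2: '<p>Intro</p>\n<img src="x.png" style="position:fixed; top:0; left:0; '
       'width:100vw; height:100vh; z-index:9999">',
    3: '<p>Video</p><iframe src="https://example.invalid/clip"></iframe>',
}

if __name__ == "__main__":
    print({entry_id: audit_entry(body) for entry_id, body in SAMPLES.items()})
```

Entry 1 is the negative control: a full-width image without fixed or absolute positioning is ordinary FAQ content and is not reported.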

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 3.1
exploitability: 6.3
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.