.. / CVE-2023-1880

Exploit for Phpmyfaq v3.1.11 - Cross-Site Scripting (CVE-2023-1880)

Description:

Phpmyfaq v3.1.11 is vulnerable to reflected XSS in send2friend because the ‘artlang’ parameter is not sanitized.

Nuclei Template

View the template here CVE-2023-1880.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-1880.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-1880
https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e
https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d