thorsten/phpmyfaq Security Advisories for 4.1.0-RC.2 (3)
- [MEDIUM] phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation
  PKSA-yy2b-x6vy-wsx2 CVE-2026-34974 GHSA-5crx-pfhq-4hgg
  Affected version: <=4.1.0
  Reported by: GitHub
- [MEDIUM] phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure
  PKSA-fk9h-qz7y-fk1q CVE-2026-34973 GHSA-gcp9-5jc8-976x
  Affected version: <4.1.1
  Reported by: GitHub
- [MEDIUM] phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor
  PKSA-t2yv-wns1-2p5c CVE-2026-32629 GHSA-98gw-w575-h2ph
  Affected version: <=4.1.0
  Reported by: GitHub