Advisories for Composer/Thorsten/Phpmyfaq package

2025

phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped before being rendered on the page.

2024
2023
2022