CVE-2023-2998

Name of the Vulnerable Software and Affected Versions thorsten/phpmyfaq versions prior to 3.1.14

Description The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when admins create a FAQ News and can pass malicious scripts to the text of the record section. This allows for the storage of malicious scripts that can be executed later.

Recommendations For versions prior to 3.1.14, update to version 3.1.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the FAQ News creation feature to minimize the risk of exploitation. Avoid using the text of the record section in the affected area until the issue is resolved.