PT-2025-53729 · Phpmyfaq · Phpmyfaq

Eclipse07077-Ljw

Published: 2025-12-29 · Updated: 2026-01-07

CVE-2025-68951

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

phpMyFAQ versions 4.0.14 through 4.0.15

Description

phpMyFAQ is a web application for creating FAQs. Versions 4.0.14 and 4.0.15 contain a stored cross-site scripting (XSS) issue. An attacker can inject and execute arbitrary JavaScript code in an administrator’s browser. This is achieved by registering a user with a display name containing HTML entities. When an administrator views the admin user list, the payload is decoded and rendered without proper escaping, leading to script execution within the administrator's context.

Recommendations

Upgrade to phpMyFAQ version 4.0.16 or later.
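
The decode-then-render flaw described above, sketched in PHP as an added example. This is not phpMyFAQ's code: the function names and sample records are constructed for illustration. It contrasts the unescaped output with escaping at the point of output, and includes a check for stored display names that decode to markup.

```php
<?php
declare(strict_types=1);

// Added illustration; all function names are hypothetical, not phpMyFAQ code.

// Flawed pattern: the stored value is entity-decoded and written into the
// page as-is, so entity-encoded markup becomes live markup in the admin view.
function renderNameUnsafe(string $storedName): string
{
    $text = html_entity_decode($storedName, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<td>' . $text . '</td>';
}

// Hardened pattern: decode to plain text if the store holds entities,
// then escape for the HTML context at the moment of output.
function renderNameSafe(string $storedName): string
{
    $text = html_entity_decode($storedName, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<td>'
        . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8')
        . '</td>';
}

// Audit heuristic: flag stored names that contain angle brackets once
// decoded. Useful for reviewing existing accounts after upgrading.
function decodesToMarkup(string $storedName): bool
{
    $text = html_entity_decode($storedName, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return preg_match('/[<>]/', $text) === 1;
}

// Constructed sample records; the third uses harmless markup as a probe.
$names = ['Alice Example', 'Bob &amp; Co', '&lt;u&gt;probe&lt;/u&gt;'];

foreach ($names as $name) {
    printf(
        "stored=%s\n  unsafe=%s\n  safe=%s\n  flagged=%s\n",
        $name,
        renderNameUnsafe($name),
        renderNameSafe($name),
        decodesToMarkup($name) ? 'yes' : 'no'
    );
}
```

For the third record the unsafe renderer emits a real `<u>` element inside the table cell, while the safe renderer emits it as inert text.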

Exploit

Fix

XSS

Related Identifiers

CVE-2025-68951
GHSA-JV8R-HV7Q-P6VC

Affected Products

Phpmyfaq