PT-2026-29670 · Phpmyfaq · Phpmyfaq
Ik0Z · Published 2026-04-01 · Updated 2026-04-02 · CVE-2026-34729
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
phpMyFAQ versions prior to 4.1.1
Description
phpMyFAQ is susceptible to a stored cross-site scripting (XSS) issue due to a bypass in the regular expression used for sanitizing FAQ content within the Filter::removeAttributes() function. The regex only matches attributes with double-quoted values, failing to identify and remove attributes using single quotes or no quotes. This allows an attacker to inject malicious code, such as JavaScript, into FAQ content. The vulnerability exists because the sanitization pipeline first encodes special characters, then decodes them, and finally attempts to remove dangerous HTML attributes using a flawed regular expression. The affected file is phpmyfaq/src/phpMyFAQ/Filter.php at line 174. The XSS payload is rendered on the public FAQ page, impacting all users, including unauthenticated visitors. Exploitation requires administrative privileges to create or modify FAQ content, but the impact affects all viewers of the compromised FAQ. Potential impacts include session hijacking, phishing, worm propagation, and malware distribution.
Recommendations
Versions prior to 4.1.1 should be updated to version 4.1.1 or later.
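The quoting gap from the Description, as an added example written in Python rather than phpMyFAQ's PHP; it is not code from phpMyFAQ or from this advisory. The regex, the allowlist and the sample strings are constructed for illustration, and the parser-based function shows attribute removal that does not depend on how a value is quoted.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed stand-in for the flawed approach (not phpMyFAQ's actual regex):
# it only recognises attribute values wrapped in double quotes.
DOUBLE_QUOTED_ONLY = re.compile(r'\s+(?:on\w+|style)\s*=\s*"[^"]*"', re.I)
# Constructed allowlist; URL-bearing attributes are left out because they
# would also need scheme validation.
ALLOWED_ATTRS = {"title", "alt", "class"}
# Constructed inputs: the same inert handler in each quoting style.
SAMPLES = {
    "double": '<p class="x" onclick="void(0)">a</p>',
    "single": "<p class='x' onclick='void(0)'>b</p>",
    "unquoted": "<p class=x onclick=void(0)>c</p>",
}

def strip_with_regex(html):
    """Denylist removal whose result depends on the quoting of the value."""
    return DOUBLE_QUOTED_ONLY.sub("", html)

class _Rebuilder(HTMLParser):
    """Re-emits markup, keeping only allowlisted attributes."""
    def __init__(self):
        super().__init__()
        self.out, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        kept = ""
        for name, value in attrs:  # the parser has already resolved quoting
            if name in ALLOWED_ATTRS:
                kept += f' {name}="{escape(value or "")}"'
            else:
                self.dropped.append(name)
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def strip_with_parser(html):
    """Returns (clean_html, dropped_attribute_names)."""
    p = _Rebuilder()
    p.feed(html)
    p.close()
    return "".join(p.out), p.dropped
```

Running both functions over `SAMPLES` makes a compact regression check for any attribute sanitizer: the output for every quoting style should parse with no attribute outside the allowlist.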
Fix
XSS
Affected Products
Phpmyfaq