PT-2026-29785 · Thorsten · Phpmyfaq

Published

2026-04-02

·

Updated

2026-04-02

·

CVE-2026-34974

CVSS v3.1

5.4

Medium

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with edit faq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, enabling privilege escalation from editor to full admin takeover. This issue has been patched in version 4.1.1.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

Related Identifiers

CVE-2026-34974

Affected Products

Phpmyfaq