phpMyFAQ – Stored XSS in FAQ Question/Answer via Encode-Decode Bypass

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQ_ADD permission to inject malicious script tags via question or answer parameters, which execute in every visitor's browser when FAQ content is rendered with the raw Twig filter.

Basic Information

ID CVE-2026-46363

Source VulnCheck

Published May 15, 2026 at 18:36

Affected Product

Vendor thorsten

Product phpmyfaq

Affected Versions thorsten phpmyfaq 0

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQ_ADD permission to inject malicious script tags via question or answer parameters, which execute in every visitor's browser when FAQ content is rendered with the raw Twig filter.",
    "published": "2026-05-15T18:36:42.063Z",
    "modified": "2026-05-15T18:36:42.063Z",
    "type": "cve",
    "title": "phpMyFAQ - Stored XSS in FAQ Question/Answer via Encode-Decode Bypass",
    "source": "VulnCheck",
    "references": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896\nhttps://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass",
    "id": "CVE-2026-46363",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "thorsten phpmyfaq 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "phpmyfaq",
    "version": "0",
    "vendor": "thorsten",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

phpMyFAQ – Stored XSS in FAQ Question/Answer via Encode-Decode Bypass_CVE-2026-46363