phpMyFAQ – Stored XSS via Utils::parseUrl() in Comment Rendering

7.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Description

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craft URLs with unescaped quotes to inject event handlers, stealing admin session cookies and achieving full application takeover when visitors view affected FAQ pages.

Basic Information

ID CVE-2026-46367

Source VulnCheck

Published May 15, 2026 at 18:36

Affected Product

Vendor thorsten

Product phpmyfaq

Version 4.1.1

Affected Versions thorsten phpmyfaq 4.1.1

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craft URLs with unescaped quotes to inject event handlers, stealing admin session cookies and achieving full application takeover when visitors view affected FAQ pages.",
    "published": "2026-05-15T18:36:46.103Z",
    "modified": "2026-05-15T18:36:46.103Z",
    "type": "cve",
    "title": "phpMyFAQ - Stored XSS via Utils::parseUrl() in Comment Rendering",
    "source": "VulnCheck",
    "references": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9525-27vj-c8r8\nhttps://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-utils-parseurl-in-comment-rendering",
    "id": "CVE-2026-46367",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "thorsten phpmyfaq 4.1.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "phpmyfaq",
    "version": "4.1.1",
    "vendor": "thorsten",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

phpMyFAQ – Stored XSS via Utils::parseUrl() in Comment Rendering_CVE-2026-46367