GHSA-f5p7-2c9q-8896: phpMyFAQ has Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization

May 6, 2026 (updated June 9, 2026)

This advisory has been withdrawn.

References

github.com/advisories/GHSA-f5p7-2c9q-8896
github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896
nvd.nist.gov/vuln/detail/CVE-2026-46363
www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass

Code Behaviors & Features

Detect and mitigate GHSA-f5p7-2c9q-8896 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →