phpMyFAQ Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-27300
phpMyFAQ is an open source FAQ web application for PHP 8.1 and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTER_VALIDATE_EMAIL function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.
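
The gap between format validation and output encoding, shown as an added example that is not phpMyFAQ's code or its 3.2.6 patch. The function names and sample addresses are constructed for illustration; the script checks each address with FILTER_VALIDATE_EMAIL, then renders the accepted ones into an HTML attribute with and without context-appropriate encoding.

```php
<?php
declare(strict_types=1);

// Constructed sample inputs (not taken from the advisory).
$samples = [
    'alice@example.com',
    "o'brien@example.com",      // apostrophe is legal in an unquoted local part
    '"<b>x</b>"@example.com',   // quoted local part carrying HTML metacharacters
    'not-an-email',
];

/** Format check only: true when PHP considers the address syntax valid. */
function isValidEmailFormat(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

/** Before: the stored value is written into an attribute unencoded. */
function renderUnsafe(string $email): string
{
    return '<input type="email" name="email" value="' . $email . '">';
}

/** After: the value is encoded for the HTML context at output time. */
function renderSafe(string $email): string
{
    $encoded = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="email" name="email" value="' . $encoded . '">';
}

foreach ($samples as $email) {
    $ok = isValidEmailFormat($email);
    echo ($ok ? 'valid  ' : 'invalid'), '  ', $email, PHP_EOL;
    if ($ok) {
        // Compare how the same stored value lands in the page source.
        echo '  unsafe: ', renderUnsafe($email), PHP_EOL;
        echo '  safe:   ', renderSafe($email), PHP_EOL;
    }
}
```

Validation decides whether a value is stored; encoding at the point of output decides whether the browser treats it as data or markup, so both steps are needed.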
