Package impact
COMPOSER / phpMyFAQ/phpMyFAQ
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-46367 | high | 7.6 | 7.6 | 13d ago | phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering | |
| CVE-2026-45008 | medium | 6.5 | 6.5 | 13d ago | phpMyFAQ: Path traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins | |
| CVE-2026-46360 | medium | 5.4 | 5.4 | 13d ago | phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS | |
| CVE-2026-46363 | medium | 5.4 | 5.4 | 13d ago | phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization | |
| CVE-2026-46365 | medium | 5.4 | 5.4 | 13d ago | phpMyFAQ: Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags | |
| CVE-2026-45009 | medium | 4.3 | 4.3 | 13d ago | phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check |