Package impact
COMPOSER / thorsten/phpMyFAQ
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-46360 | medium | 5.4 | 5.4 | 13d ago | phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS | |
| CVE-2026-46363 | medium | 5.4 | 5.4 | 13d ago | phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization | |
| CVE-2026-46365 | medium | 5.4 | 5.4 | 13d ago | phpMyFAQ: Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags | |
| CVE-2026-45009 | medium | 4.3 | 4.3 | 13d ago | phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check |