Listen to this Post
How the vulnerability works:
The vulnerability exists in phpMyFAQ’s FAQ creation and update endpoints. When a user submits a FAQ answer, the code applies `FILTER_SANITIZE_SPECIAL_CHARS` (via Filter::filterVar()), which converts `` survives entirely. The sanitized (but actually dangerous) content is stored in the database. Later, when the FAQ is rendered, the Twig template `faq.twig` outputs the answer using `{{ answer|raw }}` and the question with {{ question|raw }}. The `|raw` filter disables auto-escaping, so the injected `
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent may adversely affect certain features and functions.
We do not sell your personal data. If you wish to exercise your rights under applicable privacy laws, please visit our Do Not Sell My Personal Information page.