Stored XSS in FAQ comments in thorsten/phpmyfaq
Dec 18th 2022
Stored XSS in FAQ comments by any visitor or anonymous user that alerted in admin panel in comments page also it stored in the FAQ page itself via injecting XSS payload in "Name " and "Message" input fields .
Proof of Concept
Users and admin accounts takeover