[MEDIUM] phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS

PKSA-148m-3rtw-sjhw CVE-2026-46360 GHSA-wj3q-vw2v-3rj3

Affected package: phpmyfaq/phpmyfaq

Affected version: <4.1.2

Reported by:
GitHub