[MEDIUM] phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization

PKSA-r4h3-pdnk-t517 CVE-2026-46363 GHSA-h36g-93qx-rxgr

Affected package: thorsten/phpmyfaq

Affected version: <4.1.2

Reported by:
GitHub