[MEDIUM] phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS

PKSA-ybf5-231k-fw57 CVE-2026-46360 GHSA-wj3q-vw2v-3rj3

Affected package: thorsten/phpmyfaq

Affected version: <4.1.2

Reported by:
GitHub