[MEDIUM] phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation

PKSA-yy2b-x6vy-wsx2 CVE-2026-34974 GHSA-5crx-pfhq-4hgg

Affected package: thorsten/phpmyfaq

Affected version: <=4.1.0

Reported by:
GitHub