phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes()
Summary The sanitization pipeline for FAQ content is: 1. Filter::filterVar$input, FILTERSANITIZESPECIALCHARS — encodes , ", ', & to HTML entities 2. htmlentitydecode$input, ENTQUOTES | ENTHTML5 — decodes entities back to characters 3. Filter::removeAttributes$input — removes dangerous HTML...