GHSA-HM8R-95G3-5HJ9 phpMyFAQ Stored Cross-site Scripting at File Attachments
Summary An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks. Details When attachments are uploaded without an extension, the application renders it as HTML by default. Therefore...