The phpMyFAQ Team has learned of a security issue that have been discovered in phpMyFAQ 2.8.28 and 2.9.0 and earlier. phpMyFAQ contains a stored vulnerability.
phpMyFAQ relies on PHPs filter_input() function with FILTER_VALIDATE_URL flag is used to validate URLs inside the functionality to save FAQs. But this function doesn’t protect against XSS.
The phpMyFAQ Team has released the new phpMyFAQ versions 2.8.29 and 2.9.1 which fix the vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
There's no workaround except installing phpMyFAQ 2.8.29 and 2.9.1.
The phpMyFAQ teams would like to thank Kacper Szurek for the responsible disclosure of this vulnerability.