The phpMyFAQ Team has learned of a security issue that have been discovered in phpMyFAQ 2.9.6 and earlier. phpMyFAQ contains a stored vulnerability.
phpMyFAQ relies on PHPs filter_input() function with FILTER_SANITIZE_STRING flag is used to sanitize strings inside the functionality to save new FAQs. But this function doesn’t protect against XSS.
The phpMyFAQ Team has released the new phpMyFAQ versions 2.9.7 which fix the vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
There's no workaround except installing phpMyFAQ 2.9.7.
The phpMyFAQ teams would like to thank Noman Shaikh for the responsible disclosure of this vulnerability.