The phpMyFAQ Team has learned of a security issue that have been discovered in phpMyFAQ 3.1.5 and earlier. phpMyFAQ contains a stored cross-site scripting (XSS) vulnerability.
phpMyFAQ does not implement sufficient checks to avoid stored XSS when saving content in the administration configuration
The phpMyFAQ Team has released the new phpMyFAQ version 3.1.6 which fix the vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
There's no workaround except installing phpMyFAQ 3.1.6.
The phpMyFAQ teams would like to thank jhond0e for the responsible disclosure of the vulnerability.