The phpMyFAQ Team has learned of multiple security issues that'd been discovered in phpMyFAQ 3.1.13 and earlier. phpMyFAQ contains cross-site scripting (XSS) vulnerabilities.
phpMyFAQ doesn't implement sufficient checks to avoid XSS when intercepting malicious content into FAQs.
The phpMyFAQ Team has released the new phpMyFAQ version 3.1.14 which fixes these vulnerabilities. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
There's no workaround except installing phpMyFAQ 3.1.14.
The phpMyFAQ team would like to thank Mohamed Abdelhady, and H4ck3r Khoỏng for the responsible disclosure of these vulnerabilities.