The phpMyFAQ Team has learned of multiple security issues that'd been discovered in phpMyFAQ 3.2.0 and earlier. phpMyFAQ contains cross-site scripting (XSS) vulnerabilities. The secure flag handling of cookies is buggy.
phpMyFAQ doesn't implement sufficient checks to avoid XSS when adding malicious content into FAQs, configuration, user administration, and multi-site configuration.
The phpMyFAQ Team has released the new phpMyFAQ versions 3.2.1 and 3.1.18, which fixes these vulnerabilities. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
There's no workaround except installing phpMyFAQ 3.2.1 or 3.1.18.
The phpMyFAQ team would like to thank @hainguyen0207 and @nyeooo for the responsible disclosures of these vulnerabilities.