CVE-2026-34974: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in thorsten phpMyFAQ
phpMyFAQ versions prior to 4. 1. 1 contain a cross-site scripting (XSS) vulnerability in the SVG sanitizer. The issue arises because the regex-based sanitizer can be bypassed using HTML entity encoding in javascript: URLs within SVG <a href> attributes. An attacker with edit_faq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, potentially escalating privileges from editor to full admin. This vulnerability has been fixed in version 4. 1. 1.
AI Analysis
Technical Summary
The vulnerability in phpMyFAQ (CVE-2026-34974) is an improper neutralization of input during web page generation (CWE-79) affecting the regex-based SVG sanitizer (SvgSanitizer.php). Prior to version 4.1.1, the sanitizer fails to correctly handle HTML entity encoding in javascript: URLs embedded in SVG <a href> attributes, allowing an attacker with edit_faq permission to upload malicious SVG files. When these SVGs are viewed, arbitrary JavaScript can execute, enabling privilege escalation from editor to full administrator. The issue is resolved in phpMyFAQ version 4.1.1.
Potential Impact
Successful exploitation allows an attacker with edit_faq permission to execute arbitrary JavaScript in the context of the application, leading to privilege escalation from editor to full administrator. This can compromise the integrity and control of the phpMyFAQ installation. The CVSS v3.1 base score is 5.4 (medium severity), reflecting network attack vector, low attack complexity, required privileges at the editor level, user interaction required, and partial confidentiality and integrity impact without availability impact.
Mitigation Recommendations
Upgrade phpMyFAQ to version 4.1.1 or later, where this vulnerability has been patched. No other mitigation is indicated or required as the fix addresses the root cause in the SVG sanitizer. Users should ensure they do not use vulnerable versions in production environments.
CVE-2026-34974: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in thorsten phpMyFAQ
Description
phpMyFAQ versions prior to 4. 1. 1 contain a cross-site scripting (XSS) vulnerability in the SVG sanitizer. The issue arises because the regex-based sanitizer can be bypassed using HTML entity encoding in javascript: URLs within SVG <a href> attributes. An attacker with edit_faq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, potentially escalating privileges from editor to full admin. This vulnerability has been fixed in version 4. 1. 1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in phpMyFAQ (CVE-2026-34974) is an improper neutralization of input during web page generation (CWE-79) affecting the regex-based SVG sanitizer (SvgSanitizer.php). Prior to version 4.1.1, the sanitizer fails to correctly handle HTML entity encoding in javascript: URLs embedded in SVG <a href> attributes, allowing an attacker with edit_faq permission to upload malicious SVG files. When these SVGs are viewed, arbitrary JavaScript can execute, enabling privilege escalation from editor to full administrator. The issue is resolved in phpMyFAQ version 4.1.1.
Potential Impact
Successful exploitation allows an attacker with edit_faq permission to execute arbitrary JavaScript in the context of the application, leading to privilege escalation from editor to full administrator. This can compromise the integrity and control of the phpMyFAQ installation. The CVSS v3.1 base score is 5.4 (medium severity), reflecting network attack vector, low attack complexity, required privileges at the editor level, user interaction required, and partial confidentiality and integrity impact without availability impact.
Mitigation Recommendations
Upgrade phpMyFAQ to version 4.1.1 or later, where this vulnerability has been patched. No other mitigation is indicated or required as the fix addresses the root cause in the SVG sanitizer. Users should ensure they do not use vulnerable versions in production environments.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-31T19:38:31.616Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69ce8676e6bfc5ba1de3384b
Added to database: 4/2/2026, 3:08:38 PM
Last enriched: 4/10/2026, 12:03:33 AM
Last updated: 5/20/2026, 9:42:21 PM
Views: 79
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.