{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34729", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T18:41:20.754Z", "datePublished": "2026-04-02T14:46:22.056Z", "dateUpdated": "2026-04-02T18:44:47.729Z"}, "containers": {"cna": {"title": "phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes()", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-cv2g-8cj8-vgc7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-cv2g-8cj8-vgc7"}, {"name": "https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1"}], "affected": [{"vendor": "thorsten", "product": "phpMyFAQ", "versions": [{"version": "< 4.1.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T14:46:22.056Z"}, "descriptions": [{"lang": "en", "value": "phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes(). This issue has been patched in version 4.1.1."}], "source": {"advisory": "GHSA-cv2g-8cj8-vgc7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T18:44:33.329293Z", "id": "CVE-2026-34729", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T18:44:47.729Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes(). This issue has been patched in version 4.1.1."}], "id": "CVE-2026-34729", "lastModified": "2026-04-02T15:16:42.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T15:16:42.393", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1"}, {"source": "security-advisories@github.com", "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-cv2g-8cj8-vgc7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.1.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "phpMyFAQ", "source": "cna", "vendor": "thorsten"}, "product": "phpmyfaq", "vendor": "thorsten"}], "analysis": {"en": {"generated_at": "2026-04-02T17:20:20.874485+00:00", "value": {"mitigation_remediation": ["Upgrade phpMyFAQ to version\u202f4.1.1 or later", "If an upgrade cannot be performed immediately, limit FAQ editing to trusted administrators and disable public or unauthenticated content submission"], "summary": {"action": "Patch Immediately", "impact": "Stored Cross\u2011Site Scripting (XSS)"}, "threat_synthesis": {"affected_systems": "All phpMyFAQ instances supplied by thorsten older than version\u202f4.1.1 are vulnerable. The issue was fixed in the 4.1.1 release, so installations running that version or newer are no longer affected.", "description_and_impact": "A regular expression bypass in the function that removes attributes allows malicious code to be saved in FAQ entries. When a user views such an entry, the inserted code runs in that user\u2019s browser, giving an attacker the possibility to steal session data, deface the interface, or perform other client\u2011side attacks associated with CWE\u201179.", "risk_and_exploitability": "The CVSS score of 6.1 classifies this as medium severity. The EPSS score is not provided, and the flaw is not listed in the CISA KEV catalog. Exploitation requires write access to FAQ entries, typically through administrative credentials. If public or unauthenticated content submission is allowed, the risk increases. The attack vector is client\u2011side, relying on stored malicious content that browsers will execute."}}}}, "created": "2026-04-02T20:11:39.255145+00:00", "updated": "2026-04-02T20:20:20.687156+00:00", "vendors": ["thorsten", "thorsten$PRODUCT$phpmyfaq"]}