phpMyFAQ phpMyFAQ The phpMyFAQ Team has learned of a security issue that have been discovered in phpMyFAQ 2.6.x
phpMyFAQ doesn't sanitize some variables in different pages correctly. With a properly crafted URL it is e.g. possible to inject JavaScript code into the output of a page, which could result in the leakage of domain cookies (f.e. session identifiers).
The phpMyFAQ Team has released new phpMyFAQ version 2.6.9 which fix the vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
There's no workaround except installing phpMyFAQ 2.6.9.
The phpMyFAQ Team would like to thank Yam Mesicka for reporting the vulnerability.