[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the category field name parameter. This has been fixed in 3.1.12.

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-1885
• https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024
• https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8
• https://github.com/advisories/GHSA-xxm6-ff3x-v4vm