\"@evil.com. PHP's FILTER_VALIDATE_EMAIL accepts this email as valid. The email is stored in the database without HTML sanitization and later rendered in the admin FAQ editor template using Twig's |raw filter, which bypasses auto-esc...","inLanguage":"en-US","mainEntityOfPage":{"@type":"WebPage","@id":"https://intel.enki-guard.com/vulnerability/CVE-2026-32629-phpmyfaq-stored-xss-via-unsanitized-email"},"url":"https://intel.enki-guard.com/vulnerability/CVE-2026-32629-phpmyfaq-stored-xss-via-unsanitized-email","identifier":"CVE-2026-32629","keywords":"CVE-2026-32629, CVE, vulnerability, security advisory, Medium severity","about":{"@type":"Thing","name":"CVE-2026-32629","identifier":"CVE-2026-32629"},"author":{"@type":"Organization","name":"AnKi Security OÜ","url":"https://anki-security.com"},"publisher":{"@type":"Organization","name":"Enki CVE Intelligence","url":"https://intel.enki-guard.com","logo":{"@type":"ImageObject","url":"https://intel.enki-guard.com/og/static/home.png"}},"datePublished":"2026-04-02T15:16:38+00:00","dateModified":"2026-04-07T16:10:02+00:00","image":"https://intel.enki-guard.com/og/cve/CVE-2026-32629.png"}