In phpMyFAQ prior to 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
phpmyfaq phpmyfaq