Cross-site Scripting (XSS)
flarum is vulnerable to cross-site scripting XSS. The library's page title system enables page titles to be converted into HTML DOM nodes when pages are rendered, which allows an attacker to inject malicious HTML markup using a discussion title input when a visitor opens the relevant discussion...