4 matches found
Users can edit the tags of any discussion
This advisory concerns a vulnerability which was patched and publicly released on October 5, 2020. Impact: This vulnerability allowed any registered user to edit the tags of any discussion for which they have READ access using the REST API. Users were able to remove any existing tag, and add any t...
CVE-2021-21283
Flarum is an open source discussion platform for websites. The "Flarum Sticky" extension versions 0.1.0-beta.14 and 0.1.0-beta.15 have a cross-site scripting vulnerability. A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to...
CVE-2021-21283
The CVE-2021-21283 issue affects Flarum’s Sticky extension (versions 0.1.0-beta.14 and 0.1.0-beta.15). A change in beta 14 causes the first post of a pinned discussion to be injected as HTML on the discussion list via Mithril’s m.trust(), enabling a cross-site scripting (XSS) attack. Affected: Fl...
CVE-2021-21283 XSS in Flarum Sticky extension.
Flarum is an open source discussion platform for websites. The "Flarum Sticky" extension versions 0.1.0-beta.14 and 0.1.0-beta.15 have a cross-site scripting vulnerability. A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to...