CVE-2021-21283
The CVE-2021-21283 issue affects Flarum’s Sticky extension (versions 0.1.0-beta.14 and 0.1.0-beta.15). A change in beta 14 causes the first post of a pinned discussion to be injected as HTML on the discussion list via Mithril’s m.trust(), enabling a cross-site scripting (XSS) attack. Affected: Fl...