2 matches found
CVE-2021-21283
Flarum is an open source discussion platform for websites. The "Flarum Sticky" extension versions 0.1.0-beta.14 and 0.1.0-beta.15 have a cross-site scripting vulnerability. A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to...
Cross-site Scripting (XSS)
flarum/sticky is vulnerable to cross-site scripting. An attacker who is able to pin their own discussion, or to edit a discussion that was previously pinned, is able to inject and execute an arbitrary script via Mithril's m.trust helper while the extension is enabled...