GHSA-H3GG-7WX2-CQ3H XSS in Flarum Sticky extension
Impact A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to be injected as HTML on the discussion list. The issue was discovered following an internal audit. Any HTML would be injected through Mithril's m.trust helper. This...