FlarumFramework

8 matches found

CVE-2022-41938 (added 2022/11/19 1:15 a.m.)

Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after v1.5 and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input,...

CVSS 9, AI score 6, EPSS 0.00559
CVE-2023-22487 (added 2023/01/11 8:15 p.m.)

Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special @""#p syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post ...

CVSS 7.7, AI score 4.7, EPSS 0.00066
CVE-2023-22489 (added 2023/01/13 7:15 p.m.)

Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don'...

CVSS 3.5, AI score 3.7, EPSS 0.00084
CVE-2023-22488 (added 2023/01/12 8:15 p.m.)

Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the r...

CVSS 6.8, AI score 5.5, EPSS 0.00039
CVE-2023-27577 (added 2023/03/10 9:15 p.m.)

Flarum is a forum software package for building communities. In versions prior to 1.7.0, an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal techni...

CVSS 6.6, AI score 5.3, EPSS 0.00072
CVE-2023-40033 (added 2023/08/16 9:15 p.m.)

Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofi...

CVSS 7.1, AI score 6.9, EPSS 0.00204
CVE-2025-27794 (added 2025/03/12 2:15 p.m.)

Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., subdomain.host.com) sets cookies scoped to the parent domain (.host.com). This allows session token replacement...

CVSS 6.8, AI score 6.6, EPSS 0.00083
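The cookie-scoping behaviour behind the CVE-2025-27794 summary above, as an added example that is not Flarum's code: a cookie set by a subdomain with a Domain attribute naming the parent is stored for the parent and sent to it, so the forum receives two cookies of the same name. The host names (host.example, sub.host.example) and cookie names are made up; the model follows the RFC 6265 domain-match rule and the browser rule for __Host- prefixed cookies, and omits public-suffix checks.

```python
"""Why a parent-domain cookie set by a subdomain reaches the parent host.

Added example for the cookie-scoping scenario in the CVE-2025-27794
summary; this is not Flarum's code, and the host names and cookie names
are made up.  It models the RFC 6265 section 5.1.3 domain-match rule and
the browser rule that a __Host- prefixed cookie must be Secure, Path=/
and carry no Domain attribute.  Public-suffix checks are omitted.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class StoredCookie:
    name: str
    value: str
    domain: str       # canonical host or domain the cookie is stored for
    host_only: bool   # True when Set-Cookie carried no Domain attribute
    secure: bool = True
    path: str = "/"


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: host equals domain or ends with '.' + domain."""
    host = request_host.lower().rstrip(".")
    dom = cookie_domain.lower().strip(".")
    return host == dom or host.endswith("." + dom)


def set_cookie(setting_host: str, name: str, value: str,
               domain_attr: Optional[str] = None, secure: bool = True,
               path: str = "/") -> Optional[StoredCookie]:
    """Model the browser's decision to store a cookie set by `setting_host`.

    Returns None where a browser would discard the cookie: a Domain attribute
    that does not cover the setting host, or a __Host- cookie that is not
    Secure, names a Domain, or uses a Path other than '/'.
    """
    if name.startswith("__Host-") and (not secure or domain_attr is not None or path != "/"):
        return None
    if domain_attr is None:
        return StoredCookie(name, value, setting_host.lower(), True, secure, path)
    dom = domain_attr.lower().strip(".")
    if not domain_matches(setting_host, dom):
        return None
    # A subdomain may scope a cookie to its parent: this is the replacement vector.
    return StoredCookie(name, value, dom, False, secure, path)


def cookies_for_request(jar: List[StoredCookie], request_host: str,
                        https: bool = True) -> List[StoredCookie]:
    """Stored cookies a browser would attach to a request for `request_host`."""
    sent = []
    for c in jar:
        if c.secure and not https:
            continue
        if c.host_only and request_host.lower() != c.domain:
            continue
        if not c.host_only and not domain_matches(request_host, c.domain):
            continue
        sent.append(c)
    return sent


def session_values_seen_by(forum_host: str, jar: List[StoredCookie], name: str) -> List[str]:
    """Values of cookie `name` reaching `forum_host`, in jar order.

    Two entries mean the server receives duplicate cookie names; which one its
    parser keeps is implementation defined, so the attacker's copy may win.
    """
    return [c.value for c in cookies_for_request(jar, forum_host) if c.name == name]


if __name__ == "__main__":
    # Constructed scenario: forum on host.example, attacker controls sub.host.example.
    legit = set_cookie("host.example", "session", "legit")
    planted = set_cookie("sub.host.example", "session", "attacker", domain_attr=".host.example")
    print(session_values_seen_by("host.example", [legit, planted], "session"))

    # Hardened variant: a __Host- cookie cannot carry Domain, so the subdomain's
    # attempt is discarded and a host-only copy on sub.host.example never reaches host.example.
    hardened = set_cookie("host.example", "__Host-session", "legit")
    rejected = set_cookie("sub.host.example", "__Host-session", "attacker", domain_attr=".host.example")
    local_only = set_cookie("sub.host.example", "__Host-session", "attacker")
    jar = [c for c in (hardened, rejected, local_only) if c is not None]
    print(session_values_seen_by("host.example", jar, "__Host-session"))
```

The __Host- prefix is a generic browser-side mitigation for this class of cookie tossing and is shown here for contrast; the summary above does not say how Flarum 1.8.10 resolved the issue, so nothing here should be read as that fix.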
CVE-2024-21641 (added 2024/01/05 9:15 p.m.)

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confir...

CVSS 6.5, AI score 4.6, EPSS 0.39798
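A same-origin check for a redirect parameter of the kind the CVE-2024-21641 summary describes, as an added example that is not Flarum's code: the value is resolved against the forum origin and anything that would send the browser elsewhere (other hosts, scheme-relative and backslash forms, userinfo tricks, non-http schemes, header-splitting characters) falls back to the forum root. The origin https://forum.example.org and the sample targets are made up.

```python
"""Validating a post-logout redirect target.

Added example for the open-redirect pattern in the CVE-2024-21641 summary;
this is not Flarum's code.  FORUM_ORIGIN and the sample targets are made up.
"""
from urllib.parse import urljoin, urlsplit

FORUM_ORIGIN = "https://forum.example.org"  # assumed origin of the forum install


def safe_redirect_target(redirect, origin=FORUM_ORIGIN):
    """Return an absolute URL on `origin`, or the forum root if `redirect` is unsafe.

    Only same-origin absolute URLs and path-only relative targets pass.
    Other hosts, scheme-relative '//evil' forms, backslash variants, userinfo
    tricks, non-http schemes and header-splitting control characters all fall
    back to the forum root, so the Location header can never leave the origin.
    """
    root = origin + "/"
    if not redirect:
        return root
    candidate = redirect.strip()
    # CR/LF or other control characters could split the Location header.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return root
    # Browsers treat '\' as '/' in http(s) URLs, so '/\evil.example' is
    # scheme-relative to them; normalise before parsing to see what they see.
    candidate = candidate.replace("\\", "/")
    try:
        resolved = urljoin(root, candidate)
        parts = urlsplit(resolved)
        origin_parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return root
    if parts.scheme != origin_parts.scheme:
        return root
    if parts.hostname != origin_parts.hostname:
        return root
    # 'https://forum.example.org@evil.example/' already fails the hostname check
    # (its hostname is evil.example); refuse any userinfo outright as well.
    if parts.username is not None or parts.password is not None:
        return root
    if port != origin_parts.port:
        return root
    return resolved


if __name__ == "__main__":
    # Constructed inputs; everything after the first two is what an attacker would try.
    for target in ["/d/123-hello?page=2#reply", "https://forum.example.org/t/news",
                   "//evil.example/", "/\\evil.example", "https://evil.example/",
                   "https://forum.example.org@evil.example/", "javascript:alert(1)",
                   "https://forum.example.org.evil.example/"]:
        print(f"{target!r:48} -> {safe_redirect_target(target)}")
```

Comparing `hostname` rather than `netloc` is deliberate: `netloc` still contains userinfo and port, so a naive string comparison can be fooled in both directions, whereas `hostname` is already lowercased and stripped of both.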