Lucene search
Veracode Vulnerability DatabaseVERACODE:38134HistoryNov 21, 2022 - 12:37 p.m.
Cross-site Scripting (XSS)
2022-11-2112:37:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
flarum
vulnerability
cross-site scripting
html
dom nodes
attacker
input
discussion page
0.001 Low
EPSS
Percentile
25.8%
flarum is vulnerable to cross-site scripting (XSS). The library’s page title system enables page titles to be converted into HTML DOM nodes when pages are rendered, which allows an attacker to inject malicious HTML markup using a discussion title input when a visitor opens the relevant discussion page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| flarum/core | le | v1.6.2.x-dev | |
| flarum/framework | le | v1.6.1 | |
| flarum/core | le | v1.6.2.x-dev | |
| flarum/framework | le | v1.6.1 |
References
discuss.flarum.org/d/27558
github.com/flarum/flarum-core/commit/7c6dd3286510e7bcd55706a0cec5f52b67d73fdf
github.com/flarum/framework/commit/690de9ce0ffe7ac4d45b73e303f44340c3433138
github.com/flarum/framework/commit/ed0cee97f537a7ac514526ff193df68df528560e
github.com/flarum/framework/pull/3684
github.com/flarum/framework/security/advisories/GHSA-7x4w-j98p-854x
Related
osv
osv
Cross site scripting vulnerability with discussion titles
2022-11-21 23:53:32
CVE-2022-41938
2022-11-19 01:15:10
cve
cve
CVE-2022-41938
2022-11-19 01:15:10
github
github
Cross site scripting vulnerability with discussion titles
2022-11-21 23:53:32
prion
prion
Design/Logic Flaw
2022-11-19 01:15:00
nvd
nvd
CVE-2022-41938
2022-11-19 01:15:10
cvelist
cvelist