Flarum
CVE-2022-41938
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after v1.5 and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from v1.5.0 to v1.6.1 are impacted. The vulnerability has been fixed and published as flarum/core v1.6.2. All communities running Flarum from v1.5.0 to v1.6.1 have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue.
AnalysisAI
Flarum is an open source discussion platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after v1.5 and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or renaming one. The XSS attack occurs after a visitor opens the relevant discussion page. All communities running Flarum from v1.5.0 to v1.6.1 are impacted. The vulnerability has been fixed and published as flarum/core v1.6.2. All communities running Flarum from v1.5.0 to v1.6.1 have to upgrade as soon as possible to v1.6.2. There are no known workarounds for this issue. Affected products include: Flarum.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Flarum is open source discussion platform software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp
Flarum is a forum software for building communities. Rated critical severity (CVSS 10.0), this vulnerability is remotely
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings. Rated hig
Flarum is a forum software for building communities. Rated medium severity (CVSS 4.3), this vulnerability is remotely ex
User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens. Rated h
Flarum is an open source forum software. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low
Flarum is open-source forum software. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no a
Flarum is a forum software for building communities. Rated medium severity (CVSS 5.4), this vulnerability is remotely ex
In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address. Rated medium severity (CVSS 5.3), this v
flarum is a forum software package for building communities. Rated medium severity (CVSS 4.9), this vulnerability is rem
Flarum is a discussion platform for websites. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable,
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today