Skip to main content

Flowsint

1 CVEs product

Monthly

CVE-2026-42159 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Flowsint prior to version 1.2.3 allows remote attackers to inject arbitrary HTML into node descriptions within sketches, which is executed when the node is selected by a user. This requires user interaction to view the malicious node but can compromise investigation integrity and potentially lead to credential theft or malware delivery within the OSINT analysis workflow.

XSS Flowsint
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Flowsint prior to version 1.2.3 allows remote attackers to inject arbitrary HTML into node descriptions within sketches, which is executed when the node is selected by a user. This requires user interaction to view the malicious node but can compromise investigation integrity and potentially lead to credential theft or malware delivery within the OSINT analysis workflow.

XSS Flowsint
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy