Skip to main content

Humhub

11 CVEs product

Monthly

CVE-2026-29048 MEDIUM PATCH This Month

Cross-site scripting in HumHub 1.18.0's Button component allows unauthenticated attackers to inject and execute malicious scripts in users' browsers through inconsistent output encoding. Affected users could have their sessions compromised or be redirected to malicious content without any user interaction beyond visiting a crafted page. A patch is available in version 1.18.1.

XSS Humhub
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-64442 HIGH PATCH This Month

HumHub is an Open Source Enterprise Social Network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Humhub
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-52043 MEDIUM This Month

Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Humhub
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2022-31133 MEDIUM PATCH This Month

HumHub is an Open Source Enterprise Social Network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Humhub
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-24865 MEDIUM POC PATCH This Month

HumHub is an Open Source Enterprise Social Network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Humhub
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-43847 MEDIUM POC PATCH This Month

HumHub is an open-source social network kit written in PHP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Humhub
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-11564 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Humhub
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.6%
CVE-2019-9094 MEDIUM This Month

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Humhub
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-9093 MEDIUM This Month

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Humhub
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2016-1229 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Humhub
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2014-9528 HIGH POC This Week

SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP SQLi Humhub
NVD Exploit-DB GitHub
CVSS 2.0
7.5
EPSS
3.2%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting in HumHub 1.18.0's Button component allows unauthenticated attackers to inject and execute malicious scripts in users' browsers through inconsistent output encoding. Affected users could have their sessions compromised or be redirected to malicious content without any user interaction beyond visiting a crafted page. A patch is available in version 1.18.1.

XSS Humhub
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Month

HumHub is an Open Source Enterprise Social Network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Humhub
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Humhub
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

HumHub is an Open Source Enterprise Social Network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Humhub
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

HumHub is an Open Source Enterprise Social Network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Humhub
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

HumHub is an open-source social network kit written in PHP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Humhub
NVD GitHub
EPSS 3% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Humhub
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM This Month

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Humhub
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Humhub
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Humhub
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP SQLi +1
NVD Exploit-DB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy