XSS in Flarum Framework
CVE-2022-41938
Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was not noticed. This allowed an attacker t…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.011 (78.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.
Affected products
- Flarum Framework — versions >= 1.5.0, < 1.6.2
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2022-41938?
- CVE-2022-41938 is a critical-severity vulnerability in Flarum Framework, classified under Cross-site Scripting. CVSS score: 9.0/10. Published 2022-11-19.
- How severe is CVE-2022-41938?
- Critical severity. CVSS v3 base score is 9.0 out of 10.