Lucene search
Veracode Vulnerability DatabaseVERACODE:29194HistoryFeb 01, 2021 - 6:52 a.m.
Cross-site Scripting (XSS)
2021-02-0106:52:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
flarum/sticky
cross-site scripting
mithril's m.trust()
EPSS
0.005
Percentile
77.2%
flarum/sticky is vulnerable to cross-site scripting. An attacker with the ability to pin their own discussion, or be able to edit a discussion that was previously pinned is able to inject and execute an arbitrary script via Mithril’s m.trust() helper while the extension is enabled.
References
discuss.flarum.org/d/26042-security-update-to-flarum-sticky-010-beta151)
github.com/advisories/GHSA-h3gg-7wx2-cq3h
github.com/flarum/sticky/commit/7ebd30462bd405c4c0570b93a6d48710e6c3db19
github.com/flarum/sticky/commit/fc995b88aecb6095f77cf01a899a9cfe23145a30
github.com/flarum/sticky/pull/24
github.com/flarum/sticky/security/advisories/GHSA-h3gg-7wx2-cq3h
Related
osv
osv
XSS in Flarum Sticky extension
2021-01-29 18:13:41
CVE-2021-21283
2021-01-26 21:15:12
github
github
XSS in Flarum Sticky extension
2021-01-29 18:13:41
prion
prion
Cross site scripting
2021-01-26 21:15:00
cvelist
cvelist
CVE-2021-21283 XSS in Flarum Sticky extension.
2021-01-26 20:45:24
cve
cve
CVE-2021-21283
2021-01-26 21:15:12
nvd
nvd
CVE-2021-21283
2021-01-26 21:15:12