Unrated severityNVD Advisory· Published Jul 7, 2022· Updated Apr 23, 2025
Cross site scripting in HumHub
CVE-2022-31133
Description
HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need a permission to administer the Spaces feature. The names of individual "spaces" are not properly escaped and so an attacker with sufficient privilege could insert malicious javascript into a space name and exploit system users who visit that space. It is recommended that the HumHub is upgraded to 1.11.4, 1.10.5. There are no known workarounds for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/humhub/humhub/commit/07d9f8f9b6334970ee38156a3416c3708d157caemitrex_refsource_MISC
- github.com/humhub/humhub/commit/f88991dfe56a05870df165ac89a2755dd4c1ffa1mitrex_refsource_MISC
- github.com/humhub/humhub/security/advisories/GHSA-p7h3-73v7-959cmitrex_refsource_CONFIRM
- huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.