Core
by Flarum
Source repositories
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32671 | Cri | 0.61 | 10.0 | 0.40 | Jun 7, 2021 | Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed… | ||
| CVE-2019-11514 | Hig | 0.42 | 7.5 | 0.01 | Apr 25, 2019 | User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens. |
- risk 0.61cvss 10.0epss 0.40
Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed…
- risk 0.42cvss 7.5epss 0.01
User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.