VYPR

Core

by Flarum

Source repositories

CVEs (2)

  • CVE-2021-32671CriJun 7, 2021
    risk 0.61cvss 10.0epss 0.40

    Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed…

  • CVE-2019-11514HigApr 25, 2019
    risk 0.42cvss 7.5epss 0.01

    User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.