CVE-2021-21283

Sep 3, 2024

Published Date: 2021-01-26T21:15Z
Last Modified: 2023-11-07T03:29Z

CVSS Score: 5.4 (MEDIUM)

EPSS Score: 0.53%

Risk Score: 3.78 (MEDIUM)

The Risk Score is based on the CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.


Description: Flarum is an open source discussion platform for websites. The “Flarum Sticky” extension versions 0.1.0-beta.14 and 0.1.0-beta.15 have a cross-site scripting vulnerability. A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to be injected as HTML on the discussion list. The issue was discovered following an internal audit. Any HTML would be injected through the m.trust() helper. This resulted in an HTML injection where