Latest flarum flarum Vulnerabilities

CVE-2024-21641
Flarum's Logout Route allows open redirects
composer/flarum/framework<1.8.5
composer/flarum/core<1.8.5
Flarum Flarum<1.8.5
CVE-2023-40033
## Impact The Flarum forum software is affected by a vulnerability that allows an attacker to conduct a Blind SSRF attack or disclose any file on the server, even with a basic user account on any Flar...
Flarum Flarum<1.8.0
composer/flarum/framework<1.8.0
composer/flarum/core<1.8.0
CVE-2023-27577
flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser ...
Flarum Flarum<1.7.0
CVE-2023-22488
Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The noti...
Flarum Flarum<1.6.3
CVE-2023-22487
Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special `@"<username>"#p<...
Flarum Flarum<1.6.3
CVE-2022-41938
Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after `v1.5` and was ...
Flarum Flarum>=1.5.0<1.6.2
CVE-2021-32671
Flarum Flarum=1.0.0
Flarum Flarum=1.0.1
CVE-2019-13183
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.
Flarum Flarum=0.1.0
Flarum Flarum=0.1.0-beta2
Flarum Flarum=0.1.0-beta3
Flarum Flarum=0.1.0-beta4
Flarum Flarum=0.1.0-beta5
Flarum Flarum=0.1.0-beta6
and 6 more
CVE-2019-11514
`User/Command/ConfirmEmailHandler.php` in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.
Flarum Flarum=0.1.0
Flarum Flarum=0.1.0-beta
Flarum Flarum=0.1.0-beta2
Flarum Flarum=0.1.0-beta3
Flarum Flarum=0.1.0-beta4
Flarum Flarum=0.1.0-beta5
and 15 more
CVE-2018-19133
In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address.
Flarum Flarum=0.1.0-beta.7.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203