Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
flarum/nickname: Display name injection in notification emails (autolink & markdown)
Vulnerability Description
Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting attacker-controlled domains.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Flarum 安全漏洞
Vulnerability Description
Flarum是Flarum开源的一个用于构建社区的简单论坛软件。 Flarum存在安全漏洞,该漏洞源于flarum/nicknames扩展启用时,注册用户可将昵称设置为电子邮件客户端解释为超链接的字符串,可能导致收件人被误导访问攻击者控制的域。
CVSS Information
N/A
Vulnerability Type
N/A