Flarum: Security Vulnerabilities
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-07-07
User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-04-25
In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address.
CVSS Score
5.3
EPSS Score
0.004
Published
2018-11-09
Page 2