Cross-site Scripting (XSS) - Stored at discussion title in flarum/framework
Nov 17th 2022
An attacker can inject an XSS payload into the title when starting or renaming a discussion. The payload is triggered as soon as a normal user opens that discussion.
Proof of Concept
1. Login to your account on https://forum.locker.io
2. Create **New Discussions**
3. On the Discussions Title, enter payload: <img src=x onerror=alert(document.domain)>
4. Click **Post Discussions** then XSS will trigger.
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
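The defect behind this report is a title placed into page markup without encoding. The following is an added example, not code from Flarum or from the reporter: it encodes a title before it is interpolated into HTML, and includes a simple check that flags markup carrying an event handler, which can be used in tests or in review of rendered output. The `renderTitleHtml` function and the `DiscussionHero-title` class name are assumptions made for illustration, and the sample titles are constructed (the first one is the payload from the report).

```javascript
// Added example (not Flarum's own code): encode a discussion title before
// inserting it into HTML so that any markup in the title is shown as text.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Replace every character that has meaning in an HTML text or attribute
// context with its entity; anything else passes through unchanged.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical renderer: untrusted text goes into the markup only after
// escaping. Assigning the raw title via innerHTML is the vulnerable pattern.
function renderTitleHtml(title) {
  return `<h2 class="DiscussionHero-title">${escapeHtml(title)}</h2>`;
}

// Defensive check for tests or log review: does this markup still contain a
// tag with an on* event handler attribute, or a <script> tag? Rendered output
// of renderTitleHtml must never trip this, whatever the title was.
function containsActiveMarkup(html) {
  return /<\s*[a-z][^>]*\bon\w+\s*=/i.test(html) || /<\s*script\b/i.test(html);
}

// Constructed samples: the payload from the report and a benign title that
// happens to contain characters with HTML meaning.
const SAMPLE_TITLES = [
  '<img src=x onerror=alert(document.domain)>',
  'Tom & Jerry "quoted" <3',
];

// Render each sample and report whether the raw and rendered forms carry
// active markup, so the effect of escaping is visible side by side.
function checkSamples(titles = SAMPLE_TITLES) {
  return titles.map((title) => {
    const html = renderTitleHtml(title);
    return {
      title,
      html,
      rawIsActive: containsActiveMarkup(title),
      renderedIsActive: containsActiveMarkup(html),
    };
  });
}

for (const result of checkSamples()) {
  console.log(result);
}
```

The point of `checkSamples` is the pair of flags: the raw payload is active, the rendered version is not, and the benign title survives with its punctuation intact. The same escaping must also be applied wherever the title is reused (page `<title>`, notifications, e-mail subjects rendered as HTML), since a stored payload reaches every sink that prints it.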