Refine your search
9 vulnerabilities found for by HumHub
CVE-2026-29048 (GCVE-0-2026-29048)
Vulnerability from cvelistv5
Published
2026-03-06 06:59
Modified
2026-03-09 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the context of the user's browser. This issue has been patched in version 1.18.1.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T19:55:55.822924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T19:56:13.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "humhub",
"vendor": "humhub",
"versions": [
{
"status": "affected",
"version": "= 1.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the context of the user\u0027s browser. This issue has been patched in version 1.18.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T06:59:42.084Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/humhub/humhub/security/advisories/GHSA-qxjh-478x-23gm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/humhub/humhub/security/advisories/GHSA-qxjh-478x-23gm"
},
{
"name": "https://github.com/humhub/humhub/pull/8039",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/humhub/pull/8039"
},
{
"name": "https://github.com/humhub/humhub/commit/bd06ab4c75f6c65295ee3e1ce3643437e8f9d10a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/humhub/commit/bd06ab4c75f6c65295ee3e1ce3643437e8f9d10a"
},
{
"name": "https://github.com/humhub/humhub/releases/tag/v1.18.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/humhub/releases/tag/v1.18.1"
}
],
"source": {
"advisory": "GHSA-qxjh-478x-23gm",
"discovery": "UNKNOWN"
},
"title": "HumHub: XSS in Button component"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-29048",
"datePublished": "2026-03-06T06:59:42.084Z",
"dateReserved": "2026-03-03T17:50:11.243Z",
"dateUpdated": "2026-03-09T19:56:13.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-29052 (GCVE-0-2026-29052)
Vulnerability from cvelistv5
Published
2026-03-05 05:48
Modified
2026-03-05 15:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored Cross-Site Scripting (XSS) vulnerability in the Event Types of the HumHub Calendar module impacts users viewing events created by an administrative account. This issue has been patched in version 1.8.11.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:29:52.961012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:30:11.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "calendar",
"vendor": "humhub",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored Cross-Site Scripting (XSS) vulnerability in the Event Types of the HumHub Calendar module impacts users viewing events created by an administrative account. This issue has been patched in version 1.8.11."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T05:48:10.557Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/humhub/calendar/security/advisories/GHSA-gqj3-pmp2-mrx8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/humhub/calendar/security/advisories/GHSA-gqj3-pmp2-mrx8"
},
{
"name": "https://github.com/humhub/calendar/releases/tag/v1.8.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/calendar/releases/tag/v1.8.11"
}
],
"source": {
"advisory": "GHSA-gqj3-pmp2-mrx8",
"discovery": "UNKNOWN"
},
"title": "HumHub Calendar Module: Stored XSS in Event Types"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-29052",
"datePublished": "2026-03-05T05:48:10.557Z",
"dateReserved": "2026-03-03T17:50:11.244Z",
"dateUpdated": "2026-03-05T15:30:11.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65963 (GCVE-0-2025-65963)
Vulnerability from cvelistv5
Published
2025-11-25 23:38
Modified
2025-11-26 16:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has been patched in versions 0.16.11 and 0.17.2.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T16:13:10.280528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T16:13:16.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cfiles",
"vendor": "humhub",
"versions": [
{
"status": "affected",
"version": "\u003c 0.16.11"
},
{
"status": "affected",
"version": "\u003e= 0.17.0, \u003c 0.17.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has been patched in versions 0.16.11 and 0.17.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T23:38:49.198Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/humhub/cfiles/security/advisories/GHSA-rv2x-7qwp-2hf4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/humhub/cfiles/security/advisories/GHSA-rv2x-7qwp-2hf4"
},
{
"name": "https://github.com/humhub/cfiles/commit/75698f8e8f360cea470f0e9f264015b697ab4c09",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/cfiles/commit/75698f8e8f360cea470f0e9f264015b697ab4c09"
}
],
"source": {
"advisory": "GHSA-rv2x-7qwp-2hf4",
"discovery": "UNKNOWN"
},
"title": "CFiles Unauthorized Folder/ZIP Access in Public Spaces"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65963",
"datePublished": "2025-11-25T23:38:49.198Z",
"dateReserved": "2025-11-18T16:14:56.694Z",
"dateUpdated": "2025-11-26T16:13:16.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64442 (GCVE-0-2025-64442)
Vulnerability from cvelistv5
Published
2025-11-07 20:28
Modified
2025-11-07 20:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have a XSS vulnerability in the Meta-Search feature which allows malicious input to be executed in search previews. This issue is fixed in version 1.17.4.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64442",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T20:43:49.727861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T20:44:02.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "humhub",
"vendor": "humhub",
"versions": [
{
"status": "affected",
"version": "\u003c 1.17.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have a XSS vulnerability in the Meta-Search feature which allows malicious input to be executed in search previews. This issue is fixed in version 1.17.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T20:28:20.962Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/humhub/humhub/security/advisories/GHSA-2hgp-33j2-93cc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/humhub/humhub/security/advisories/GHSA-2hgp-33j2-93cc"
},
{
"name": "https://github.com/humhub/humhub/pull/7814",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/humhub/pull/7814"
},
{
"name": "https://github.com/humhub/humhub/releases/tag/v1.17.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/humhub/releases/tag/v1.17.4"
}
],
"source": {
"advisory": "GHSA-2hgp-33j2-93cc",
"discovery": "UNKNOWN"
},
"title": "HumHub is vulnerable to XSS through its Meta Search component"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64442",
"datePublished": "2025-11-07T20:28:20.962Z",
"dateReserved": "2025-11-03T22:12:51.366Z",
"dateUpdated": "2025-11-07T20:44:02.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54790 (GCVE-0-2025-54790)
Vulnerability from cvelistv5
Published
2025-08-01 23:37
Modified
2025-08-04 15:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T15:22:23.320059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T15:22:29.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cfiles",
"vendor": "humhub",
"versions": [
{
"status": "affected",
"version": "\u003c 0.16.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T23:37:23.353Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/humhub/cfiles/security/advisories/GHSA-rfvq-g9rm-pgqj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/humhub/cfiles/security/advisories/GHSA-rfvq-g9rm-pgqj"
},
{
"name": "https://github.com/humhub/cfiles/pull/252",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/cfiles/pull/252"
},
{
"name": "https://github.com/humhub/cfiles/releases/tag/v0.16.10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/cfiles/releases/tag/v0.16.10"
}
],
"source": {
"advisory": "GHSA-rfvq-g9rm-pgqj",
"discovery": "UNKNOWN"
},
"title": "Files: Potential for SQL Injection through File Browse and List Operations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54790",
"datePublished": "2025-08-01T23:37:23.353Z",
"dateReserved": "2025-07-29T16:50:28.393Z",
"dateUpdated": "2025-08-04T15:22:29.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54789 (GCVE-0-2025-54789)
Vulnerability from cvelistv5
Published
2025-08-01 23:26
Modified
2025-08-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed in version 0.16.10.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T15:40:03.523315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T15:40:11.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cfiles",
"vendor": "humhub",
"versions": [
{
"status": "affected",
"version": "\u003c 0.6.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user\u2019s session. This is fixed in version 0.16.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T23:26:32.195Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/humhub/cfiles/security/advisories/GHSA-cw2v-c62w-5r43",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/humhub/cfiles/security/advisories/GHSA-cw2v-c62w-5r43"
},
{
"name": "https://github.com/humhub/cfiles/commit/f022bdd1cc54334a7a2a6f90a8168bb9583a2f00",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/cfiles/commit/f022bdd1cc54334a7a2a6f90a8168bb9583a2f00"
},
{
"name": "https://github.com/humhub/cfiles/releases/tag/v0.16.10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/cfiles/releases/tag/v0.16.10"
}
],
"source": {
"advisory": "GHSA-cw2v-c62w-5r43",
"discovery": "UNKNOWN"
},
"title": "Files is Vulnerable to Reflected Self-XSS through its File Move Functionality"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54789",
"datePublished": "2025-08-01T23:26:32.195Z",
"dateReserved": "2025-07-29T16:50:28.393Z",
"dateUpdated": "2025-08-04T15:40:11.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31133 (GCVE-0-2022-31133)
Vulnerability from cvelistv5
Published
2022-07-07 17:45
Modified
2025-04-23 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need a permission to administer the Spaces feature. The names of individual "spaces" are not properly escaped and so an attacker with sufficient privilege could insert malicious javascript into a space name and exploit system users who visit that space. It is recommended that the HumHub is upgraded to 1.11.4, 1.10.5. There are no known workarounds for this issue.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/humhub/humhub/security/advisories/GHSA-p7h3-73v7-959c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/humhub/humhub/commit/07d9f8f9b6334970ee38156a3416c3708d157cae"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/humhub/humhub/commit/f88991dfe56a05870df165ac89a2755dd4c1ffa1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:03:56.727502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:04:24.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "humhub",
"vendor": "humhub",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need a permission to administer the Spaces feature. The names of individual \"spaces\" are not properly escaped and so an attacker with sufficient privilege could insert malicious javascript into a space name and exploit system users who visit that space. It is recommended that the HumHub is upgraded to 1.11.4, 1.10.5. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-07T17:45:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/humhub/humhub/security/advisories/GHSA-p7h3-73v7-959c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/humhub/commit/07d9f8f9b6334970ee38156a3416c3708d157cae"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/humhub/commit/f88991dfe56a05870df165ac89a2755dd4c1ffa1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76"
}
],
"source": {
"advisory": "GHSA-p7h3-73v7-959c",
"discovery": "UNKNOWN"
},
"title": "Cross site scripting in HumHub",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31133",
"STATE": "PUBLIC",
"TITLE": "Cross site scripting in HumHub"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "humhub",
"version": {
"version_data": [
{
"version_value": "\u003c 1.11.4"
}
]
}
}
]
},
"vendor_name": "humhub"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need a permission to administer the Spaces feature. The names of individual \"spaces\" are not properly escaped and so an attacker with sufficient privilege could insert malicious javascript into a space name and exploit system users who visit that space. It is recommended that the HumHub is upgraded to 1.11.4, 1.10.5. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/humhub/humhub/security/advisories/GHSA-p7h3-73v7-959c",
"refsource": "CONFIRM",
"url": "https://github.com/humhub/humhub/security/advisories/GHSA-p7h3-73v7-959c"
},
{
"name": "https://github.com/humhub/humhub/commit/07d9f8f9b6334970ee38156a3416c3708d157cae",
"refsource": "MISC",
"url": "https://github.com/humhub/humhub/commit/07d9f8f9b6334970ee38156a3416c3708d157cae"
},
{
"name": "https://github.com/humhub/humhub/commit/f88991dfe56a05870df165ac89a2755dd4c1ffa1",
"refsource": "MISC",
"url": "https://github.com/humhub/humhub/commit/f88991dfe56a05870df165ac89a2755dd4c1ffa1"
},
{
"name": "https://huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76",
"refsource": "MISC",
"url": "https://huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76"
}
]
},
"source": {
"advisory": "GHSA-p7h3-73v7-959c",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31133",
"datePublished": "2022-07-07T17:45:12.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:04:24.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24865 (GCVE-0-2022-24865)
Vulnerability from cvelistv5
Published
2022-04-20 20:05
Modified
2025-04-22 18:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
HumHub is an Open Source Enterprise Social Network. In affected versions users who are forced to change their password by an administrator may retrieve other users' data. This issue has been resolved by commit `eb83de20`. It is recommended that the HumHub is upgraded to 1.11.0, 1.10.4 or 1.9.4. There are no known workarounds for this issue.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:00.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/humhub/humhub/security/advisories/GHSA-2h35-f226-3f57"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/humhub/humhub/commit/eb83de20aaecc559ab77a44a6179646a99607e33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24865",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:48:39.708237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:14:38.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "humhub",
"vendor": "humhub",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.10.4"
},
{
"status": "affected",
"version": "\u003c 1.9.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HumHub is an Open Source Enterprise Social Network. In affected versions users who are forced to change their password by an administrator may retrieve other users\u0027 data. This issue has been resolved by commit `eb83de20`. It is recommended that the HumHub is upgraded to 1.11.0, 1.10.4 or 1.9.4. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-20T20:05:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/humhub/humhub/security/advisories/GHSA-2h35-f226-3f57"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/humhub/commit/eb83de20aaecc559ab77a44a6179646a99607e33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76/"
}
],
"source": {
"advisory": "GHSA-2h35-f226-3f57",
"discovery": "UNKNOWN"
},
"title": "Improper access control in humhub",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24865",
"STATE": "PUBLIC",
"TITLE": "Improper access control in humhub"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "humhub",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.10.0, \u003c 1.10.4"
},
{
"version_value": "\u003c 1.9.4"
}
]
}
}
]
},
"vendor_name": "humhub"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HumHub is an Open Source Enterprise Social Network. In affected versions users who are forced to change their password by an administrator may retrieve other users\u0027 data. This issue has been resolved by commit `eb83de20`. It is recommended that the HumHub is upgraded to 1.11.0, 1.10.4 or 1.9.4. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/humhub/humhub/security/advisories/GHSA-2h35-f226-3f57",
"refsource": "CONFIRM",
"url": "https://github.com/humhub/humhub/security/advisories/GHSA-2h35-f226-3f57"
},
{
"name": "https://github.com/humhub/humhub/commit/eb83de20aaecc559ab77a44a6179646a99607e33",
"refsource": "MISC",
"url": "https://github.com/humhub/humhub/commit/eb83de20aaecc559ab77a44a6179646a99607e33"
},
{
"name": "https://huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76/",
"refsource": "MISC",
"url": "https://huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76/"
}
]
},
"source": {
"advisory": "GHSA-2h35-f226-3f57",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24865",
"datePublished": "2022-04-20T20:05:10.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:14:38.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43847 (GCVE-0-2021-43847)
Vulnerability from cvelistv5
Published
2021-12-20 21:35
Modified
2024-08-04 04:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/humhub/humhub/pull/5473"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/humhub/humhub/releases/tag/v1.10.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/humhub/humhub/releases/tag/v1.9.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "humhub",
"vendor": "humhub",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.10.3"
},
{
"status": "affected",
"version": "\u003c 1.9.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T21:35:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/humhub/pull/5473"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/humhub/releases/tag/v1.10.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/humhub/humhub/releases/tag/v1.9.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/"
}
],
"source": {
"advisory": "GHSA-f5hc-5wfr-7v74",
"discovery": "UNKNOWN"
},
"title": "Authorization Bypass in Space Invite in HumHub",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43847",
"STATE": "PUBLIC",
"TITLE": "Authorization Bypass in Space Invite in HumHub"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "humhub",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.10.0, \u003c 1.10.3"
},
{
"version_value": "\u003c 1.9.3"
}
]
}
}
]
},
"vendor_name": "humhub"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74",
"refsource": "CONFIRM",
"url": "https://github.com/humhub/humhub/security/advisories/GHSA-f5hc-5wfr-7v74"
},
{
"name": "https://github.com/humhub/humhub/pull/5473",
"refsource": "MISC",
"url": "https://github.com/humhub/humhub/pull/5473"
},
{
"name": "https://github.com/humhub/humhub/releases/tag/v1.10.3",
"refsource": "MISC",
"url": "https://github.com/humhub/humhub/releases/tag/v1.10.3"
},
{
"name": "https://github.com/humhub/humhub/releases/tag/v1.9.3",
"refsource": "MISC",
"url": "https://github.com/humhub/humhub/releases/tag/v1.9.3"
},
{
"name": "https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/",
"refsource": "MISC",
"url": "https://huntr.dev/bounties/943dad83-f0ed-4c74-ba81-7dfce7ca0ef2/"
}
]
},
"source": {
"advisory": "GHSA-f5hc-5wfr-7v74",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43847",
"datePublished": "2021-12-20T21:35:12.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:10:17.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}