Imorland

**Name of the Vulnerable Software and Affected Versions** Flarum (affected versions not specified) **Description** The Flarum forum software, when used with the flarum/nicknames extension, allows a registered user to set a nickname that email clients may interpret as a hyperlink. This nickname is directly inserted into plain-text notification emails. Recipients could be misled into visiting domains controlled by an attacker. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Flarum versions prior to 1.8.10 Description: A session hijacking issue exists when an attacker-controlled authoritative subdomain under a parent domain sets cookies scoped to the parent domain. This allows session token replacement for applications hosted on sibling subdomains if session tokens aren't rotated post-authentication. Key constraints include the attacker controlling any subdomain under the parent domain and the parent domain not being on the Public Suffix List. The issue can theoretically be reproduced using browser dev tools but is not exploitable due to browser security measures. Recommendations: For versions prior to 1.8.10, update to version 1.8.10 to resolve the issue. As a temporary workaround, consider implementing session token rotation after authentication to minimize the risk of exploitation. Additionally, restrict cookies to explicit subdomains and consider adding the parent domain to the Public Suffix List to prevent such attacks.