PT-2026-40467 · Flowsint · Flowsint
Published
2026-05-12
·
Updated
2026-05-13
·
CVE-2026-42157
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Flowsint versions prior to 1.2.3
Description
A remote attacker can create a map node with a malicious label containing arbitrary HTML. When the map tab and a map node marker are selected, the application renders the HTML, which can trigger stored Cross-Site Scripting (XSS), a flaw where malicious scripts are permanently stored on the target server and executed in the victim's browser.
Recommendations
Update to version 1.2.3.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flowsint