QwikSec

Security Database

CVE

CWE

Training

CVE-2022-31133

Published: Jul 7, 2022

Modified: Apr 23, 2025

PUBLISHED

CVSS v3.1

5.9

MEDIUM

Description

HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need a permission to administer the Spaces feature. The names of individual "spaces" are not properly escaped and so an attacker with sufficient privilege could insert malicious javascript into a space name and exploit system users who visit that space. It is recommended that the HumHub is upgraded to 1.11.4, 1.10.5. There are no known workarounds for this issue.

Vendor	Product	Versions
humhub	humhub	affected `< 1.11.4`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://github.com/humhub/humhub/security/advisories/GHSA-p7h3-73v7-959c

x_refsource_CONFIRM

https://github.com/humhub/humhub/commit/07d9f8f9b6334970ee38156a3416c3708d157cae

x_refsource_MISC

https://github.com/humhub/humhub/commit/f88991dfe56a05870df165ac89a2755dd4c1ffa1

x_refsource_MISC

https://huntr.dev/bounties/89d996a2-de30-4261-8e3f-98e54cb25f76

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.