Vulnerability Description
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is selected, it will render the arbitrary HTML, potentially triggering stored XSS. This vulnerability is fixed in 1.2.3.
Related Weaknesses (CWE)
References
- https://github.com/reconurge/flowsint/security/advisories/GHSA-gj93-2vcq-729w
- https://github.com/reconurge/flowsint/security/advisories/GHSA-gj93-2vcq-729w
FAQ
What is CVE-2026-42157?
CVE-2026-42157 is a documented vulnerability. Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicio...
How severe is CVE-2026-42157?
CVSS scoring is not yet available for CVE-2026-42157. Check NVD for updates.
Is there a patch for CVE-2026-42157?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.