CVE-2022-31133 MEDIUM

CVE-2022-31133: Cross site scripting in HumHub

Vendor Humhub
Product humhub
Weakness CWE-79 · XSS
Published July 7, 2022
Last update April 23, 2025
View on NVD All CVEs

CVSS base score

5.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need a permission to administer the Spaces feature. The names of individual "spaces" are not properly escaped and so an attacker with sufficient privilege could insert malicious javascript into a space name and exploit system users who visit that space. It is recommended that the HumHub is upgraded to 1.11.4, 1.10.5. There are no known workarounds for this issue.

Key dates

02Disclosure timeline

July 7, 2022 CVE published
April 23, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-20279 Cisco Unifed Contact Center Express Stored Cross-Site Scripting Vulnerability CVE-2024-1038 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Reflected (DOM-Based) Cross-Site Scripting CVE-2022-32172 Zinc - Cross-Site Scripting CVE-2024-49270 WordPress Smart Blocks plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability CVE-2023-45072 WordPress Order auto complete for WooCommerce Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)