MEDIUM
reconurge
CVE published 2026-05-12
CVE-2026-42157
CVE-2026-42157 is a stored cross-site scripting issue in Flowsint, an open-source OSINT graph exploration tool. A remote attacker can create a map node with a malicious label containing arbitrary HTML. When a user opens the map tab and selects the node marker, the application renders that HTML, which can trigger stored XSS. The issue is fixed in Flowsint 1.2.3.