Description
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is selected, it will render the arbitrary HTML, potentially triggering stored XSS. This vulnerability is fixed in 1.2.3.
Published: 2026-05-12
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Flowsint is an open‑source OSINT graph exploration tool that allows users to create and visualize nodes on a map. In versions prior to 1.2.3, a remote attacker who can submit data to the application can create a map node whose label field contains arbitrary HTML. When a user later selects the map tab and clicks on the node’s marker, the application renders that stored HTML, which can trigger a stored cross‑site scripting attack. This flaw enables an attacker to inject malicious scripts into the victim’s browser, potentially stealing credentials, hijacking sessions, or redirecting traffic.

Affected Systems

The vulnerability affects the Flowsint tool from reconurge:flowsint for all releases older than 1.2.3. Any installation of Flowsint 1.2.2 or earlier that has not been updated is susceptible.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity. Exploitation requires remote access to the web interface to create a malicious node and is activated when a user interacts with the map view. The EPSS score is not available and the flaw is not listed in the CISA KEV catalog, implying limited evidence of active exploitation today. Nevertheless, because stored XSS can lead to browser‑side compromise, the risk remains non‑trivial for users who regularly visit the affected map pages.

Generated by OpenCVE AI on May 13, 2026 at 00:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Flowsint to version 1.2.3 or later to remove the XSS flaw.
  • Delete or sanitize any existing map node records that contain malicious or unsanitized HTML before they are rendered.
  • Implement server‑side output encoding or input validation on the node label field to reject raw HTML or escape special characters.

Generated by OpenCVE AI on May 13, 2026 at 00:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Reconurge
Reconurge flowsint
Vendors & Products Reconurge
Reconurge flowsint

Tue, 12 May 2026 23:15:00 +0000

Type Values Removed Values Added
Description Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is selected, it will render the arbitrary HTML, potentially triggering stored XSS. This vulnerability is fixed in 1.2.3.
Title Flowsint: Stored XSS on map node marker in map page
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Reconurge Flowsint
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-18T14:47:11.543Z

Reserved: 2026-04-24T17:15:21.835Z

Link: CVE-2026-42157

cve-icon Vulnrichment

Updated: 2026-05-18T14:46:02.843Z

cve-icon NVD

Status : Deferred

Published: 2026-05-12T23:16:17.343

Modified: 2026-05-18T16:16:30.703

Link: CVE-2026-42157

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T01:00:23Z

Weaknesses