CVE-2026-42157
Flowsint: Stored XSS on map node marker in map page
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is selected, it will render the arbitrary HTML, potentially triggering stored XSS. This vulnerability is fixed in 1.2.3.
| CWE | CWE-79 |
| Vendor | reconurge |
| Product | flowsint |
| Published | May 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for reconurge flowsint
Be the first to know when new unknown vulnerabilities affecting reconurge flowsint are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
reconurge / flowsint
< 1.2.3