CyberGene I'm from CyStack, the team who reported the vulnerability to Flarum. I guess this vulnerability has not been widely exploited in the wild because if it happens, it is easy for everyone to know it and report it to the community.
The serious problem is that this vulnerability is extremely easy to exploit, anyone can create a Discussion and attach the payload to it. Then any user (including the Admin role) accessing the discussion link can have cookies stolen, and of course, their account will be taken over control afterward. This means that every setting in Admin Dashboard can be stolen (SMTP credentials, email API token, AWS tokens if integrating AWS S3, Pusher token...)
I strongly recommend that quickly take a look at your Discussion title in your forum. If it has not been upgraded to the latest version and the titles contain HTML tags like
<img src=x onerror=> then it means the forum has been exploited. Please quickly change the admin password, change tokens in the Admin settings, and recommend your users change their passwords