Total: 5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2850 | 1 Nodebb | 1 Nodebb | 2023-08-07 | N/A | 4.7 MEDIUM |
| NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by an attacker. | | | | | |
| CVE-2021-43787 | 1 Nodebb | 1 Nodebb | 2021-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. | | | | | |
| CVE-2021-43788 | 1 Nodebb | 1 Nodebb | 2021-11-30 | 4.0 MEDIUM | 5.0 MEDIUM |
| Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. | | | | | |
| CVE-2015-9286 | 1 Nodebb | 1 Nodebb | 2019-05-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. | | | | | |
| CVE-2015-3296 | 1 Nodebb | 1 Nodebb | 2017-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs. | | | | | |
