Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nodebb nodebb vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-43788
Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgra...
Nodebb Nodebb
4.3
CVSSv2
CVE-2015-3296
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB prior to 0.7 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.
Nodebb Nodebb
NA
CVE-2023-43187
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows malicious users to execute arbitrary code via crafted XML-RPC requests.
Nodebb Nodebb
NA
CVE-2023-26045
NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user...
Nodebb Nodebb
4.3
CVSSv2
CVE-2020-15156
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.
Nodebb Blog Comments
NA
CVE-2024-29316
NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2