Lucene search
GitHub_MCVELIST:CVE-2020-15156HistoryAug 26, 2020 - 7:10 p.m.
CVE-2020-15156 XSS due to lack of CSRF validation for replying/publishing
2020-08-2619:10:14
CWE-352
GitHub_M
www.cve.org
1
cve-2020-15156
cross-site scripting
csrf validation
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
AI Score
7.8
Confidence
High
EPSS
0.001
Percentile
35.4%
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.
CNA Affected
[
{
"product": "nodebb-plugin-blog-comments",
"vendor": "psychobunny",
"versions": [
{
"status": "affected",
"version": "< 0.7.0"
}
]
}
]Related
osv
osv
CVE-2020-15156
2020-08-26 19:15:14
XSS due to lack of CSRF validation for replying/publishing
2020-08-26 18:55:38
github
github
XSS due to lack of CSRF validation for replying/publishing
2020-08-26 18:55:38
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Nodebb Blog Comments
2020-12-01 09:45:48
veracode
veracode
Cross-Site Request Forgery (CSRF)
2020-08-27 02:24:12
cve
cve
CVE-2020-15156
2020-08-26 19:15:14
nvd
nvd
CVE-2020-15156
2020-08-26 19:15:14
prion
prion
Cross site request forgery (csrf)
2020-08-26 19:15:00
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
AI Score
7.8
Confidence
High
EPSS
0.001
Percentile
35.4%
Related for CVELIST:CVE-2020-15156