Lucene search
GoogleOSV:CVE-2020-15156HistoryAug 26, 2020 - 7:15 p.m.
CVE-2020-15156
2020-08-2619:15:14
Google
osv.dev
6
nodebb
plugin
xss
vulnerability
csrf
validation
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.
Related
github
github
XSS due to lack of CSRF validation for replying/publishing
2020-08-26 18:55:38
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Nodebb Blog Comments
2020-12-01 09:45:48
veracode
veracode
Cross-Site Request Forgery (CSRF)
2020-08-27 02:24:12
osv
osv
XSS due to lack of CSRF validation for replying/publishing
2020-08-26 18:55:38
cve
cve
CVE-2020-15156
2020-08-26 19:15:14
nvd
nvd
CVE-2020-15156
2020-08-26 19:15:14
prion
prion
Cross site request forgery (csrf)
2020-08-26 19:15:00
cvelist
cvelist
CVE-2020-15156 XSS due to lack of CSRF validation for replying/publishing
2020-08-26 19:10:14