Lucene search
K

365 matches found

Veracode
Veracode
added 2019/09/02 5:43 a.m.13 views

Cross-site Scripting (XSS)

nodebb is vulnerable to cross-site scripting XSS. The attack exists because it does not have basic protection from XSS and relies on the plugins to perform sanitization of all the parsed content, allowing an attacker to inject malicious script if any of the plugins get disabled...

3.7AI score
Exploits0
Veracode
Veracode
added 2019/07/10 4:47 a.m.15 views

Cross-Site Scripting (XSS)

nodeBB is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via Controllers.outgoing in controllers/index.js...

6.1CVSS5.9AI score0.01357EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2019/05/01 6:37 p.m.16 views

GHSA-72FV-QGJ6-2W2P Cross-site Scripting in NodeBB

Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS...

6.1CVSS6.2AI score0.01357EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2019/05/01 6:37 p.m.38 views

Cross-site Scripting in NodeBB

Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS...

6.1CVSS6.2AI score0.01357EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2019/04/30 2:29 p.m.25 views

CVE-2015-9286

Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS...

6.1CVSS6.3AI score0.01357EPSS
Exploits1References4
Prion
Prion
added 2019/04/30 2:29 p.m.13 views

Cross site scripting

Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS...

4.3CVSS7AI score0.01357EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2019/04/30 1:7 p.m.24 views

CVE-2015-9286

Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS...

6.3AI score0.01357EPSS
Exploits1References4
CVE
CVE
added 2019/04/30 1:7 p.m.58 views

CVE-2015-9286

NodeBB

6.1CVSS6.2AI score0.01357EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2017/10/18 9:23 p.m.5 views

Cross-Site Scripting (XSS)

The NodeBB forum software is vulnerable to cross-site scriptingXSS. The flag pages description did not properly validate data as text. An attacker could have introduced code injection through the description field...

7AI score
Exploits0
NVD
NVD
added 2017/09/21 2:29 p.m.19 views

CVE-2015-3296

Multiple cross-site scripting XSS vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 javascript: or 2 data: URLs...

6.1CVSS6AI score0.01265EPSS
Exploits0References3
Prion
Prion
added 2017/09/21 2:29 p.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 javascript: or 2 data: URLs...

4.3CVSS6AI score0.01265EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/09/21 2:0 p.m.25 views

CVE-2015-3296

Multiple cross-site scripting XSS vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 javascript: or 2 data: URLs...

6AI score0.01265EPSS
Exploits0References3
CVE
CVE
added 2017/09/21 2:0 p.m.60 views

CVE-2015-3296

CVE-2015-3296: NodeBB before 0.7 is affected by cross-site scripting in its Markdown processing, allowing remote attackers to inject arbitrary script via javascript: or data: URLs. The vulnerability is tied to insufficient input filtering in the Markdown/html rendering path (markdown-it-based) in...

6.1CVSS5.9AI score0.01265EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2017/04/18 6:14 a.m.9 views

Script Injection

nodebb is vulnerable to script injection. It does not properly escape translation tokens in topic titles, descriptions, profile about areas, and post content, thereby allowing malicious users to inject scripts...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2017/01/31 1:34 p.m.36 views

Ubiquiti Inc.: Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/

Hello, While I was looking at your renewn SSL certificated, I have noticed the following link : http://nodebb.ubnt.com/ I have seen that this link was protected by htaccess password, but I have decided to run a nmap scan. By running the following : sudo nmap -sSV -p- 104.131.159.88 -oA stageph -T...

5.9AI score
Exploits0
Veracode
Veracode
added 2016/12/16 6:36 a.m.7 views

Remote Code Execution (RCE)

NodeBB is vulnerable to remote code execution attacks. If a malicious user is able to force an admin to run a special JavaScript code, it is possible to remotely execute code during the installation or updating of plugins. This is caused because the npm commands executed are not sanitized...

8AI score
Exploits0
OpenVAS
OpenVAS
added 2016/05/07 12:0 a.m.17 views

NodeBB Detection (HTTP)

HTTP based detection of NodeBB. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.111100";...

7.4AI score
Exploits0References2
OpenVAS
OpenVAS
added 2016/05/07 12:0 a.m.20 views

NodeBB < 0.7.3 XSS Vulnerability - Active Check

NodeBB is prone to a reflected cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...

6.1CVSS6.3AI score0.01357EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2016/05/07 12:0 a.m.28 views

NodeBB < 0.7.0 XSS Vulnerability

NodeBB is prone to a stored cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...

6.1CVSS5.5AI score0.01287EPSS
Exploits0References2
CNVD
CNVD
added 2016/01/08 12:0 a.m.6 views

markdown-it and NodeBB HTML injection vulnerability (CNVD-2016-00135)

markdown-it is a parser product. NodeBB is a forum system developed by the Design Create Play team and built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An HTML injection vulnerability exists in markdown-it versions prior to 4.1.0 and NodeBB versions...

6.1CVSS7.7AI score0.01265EPSS
Exploits0References1
Rows per page
Query Builder