365 matches found
Cross-site Scripting (XSS)
nodebb is vulnerable to cross-site scripting XSS. The attack exists because it does not have basic protection from XSS and relies on the plugins to perform sanitization of all the parsed content, allowing an attacker to inject malicious script if any of the plugins get disabled...
Cross-Site Scripting (XSS)
nodeBB is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via Controllers.outgoing in controllers/index.js...
GHSA-72FV-QGJ6-2W2P Cross-site Scripting in NodeBB
Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS...
Cross-site Scripting in NodeBB
Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS...
CVE-2015-9286
Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS...
Cross site scripting
Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS...
CVE-2015-9286
Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS...
CVE-2015-9286
NodeBB
Cross-Site Scripting (XSS)
The NodeBB forum software is vulnerable to cross-site scriptingXSS. The flag pages description did not properly validate data as text. An attacker could have introduced code injection through the description field...
CVE-2015-3296
Multiple cross-site scripting XSS vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 javascript: or 2 data: URLs...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 javascript: or 2 data: URLs...
CVE-2015-3296
Multiple cross-site scripting XSS vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 javascript: or 2 data: URLs...
CVE-2015-3296
CVE-2015-3296: NodeBB before 0.7 is affected by cross-site scripting in its Markdown processing, allowing remote attackers to inject arbitrary script via javascript: or data: URLs. The vulnerability is tied to insufficient input filtering in the Markdown/html rendering path (markdown-it-based) in...
Script Injection
nodebb is vulnerable to script injection. It does not properly escape translation tokens in topic titles, descriptions, profile about areas, and post content, thereby allowing malicious users to inject scripts...
Ubiquiti Inc.: Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/
Hello, While I was looking at your renewn SSL certificated, I have noticed the following link : http://nodebb.ubnt.com/ I have seen that this link was protected by htaccess password, but I have decided to run a nmap scan. By running the following : sudo nmap -sSV -p- 104.131.159.88 -oA stageph -T...
Remote Code Execution (RCE)
NodeBB is vulnerable to remote code execution attacks. If a malicious user is able to force an admin to run a special JavaScript code, it is possible to remotely execute code during the installation or updating of plugins. This is caused because the npm commands executed are not sanitized...
NodeBB Detection (HTTP)
HTTP based detection of NodeBB. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.111100";...
NodeBB < 0.7.3 XSS Vulnerability - Active Check
NodeBB is prone to a reflected cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...
NodeBB < 0.7.0 XSS Vulnerability
NodeBB is prone to a stored cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...
markdown-it and NodeBB HTML injection vulnerability (CNVD-2016-00135)
markdown-it is a parser product. NodeBB is a forum system developed by the Design Create Play team and built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An HTML injection vulnerability exists in markdown-it versions prior to 4.1.0 and NodeBB versions...