CVE-2024-57041

A persistent cross-site scripting XSS vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile...

CVE-2024-57041

A persistent cross-site scripting XSS vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile...

CVE-2024-29316

NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true...

CVE-2022-3978 NodeBB abort cross-site request forgery

A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this...

PT-2022-4655 · Nodebb · Nodebb

Name of the Vulnerable Software and Affected Versions: NodeBB Forum Software versions prior to 1.19.7 NodeBB Forum Software versions prior to 2.0.0 Description: The utils.generateUUID helper function in NodeBB Forum Software uses a cryptographically insecure pseudo-random number generator...

markdown-it and NodeBB HTML Injection Vulnerabilities

markdown-it is a parser product. NodeBB is a forum system developed by the Design Create Play team and built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An HTML injection vulnerability exists in markdown-it versions prior to 4.1.0 and NodeBB versions...