CVE-2015-9286

Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS...

CVE-2025-29513

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator...

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

NodeBB < 4.0.5 Multiple Vulnerabilities

NodeBB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodebb:nodebb"; ifdescription...

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

CVE-2025-29513

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator...

CVE-2025-29513

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator...

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

CVE-2025-29513

NodeBB has a stored XSS vulnerability in the admin API Access token generator affecting NodeBB v4.0.4 and earlier. The issue allows remote attackers to store arbitrary code. A fix is available in NodeBB 4.0.5 and later (update to 4.0.5+), per PT-2025-17334. Other sources corroborate NodeBB

CVE-2025-29513

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator...

NodeBB 安全漏洞

NodeBB is a forum system from the Design Create Play team built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability exists in NodeBB 4.0.4 and earlier versions, which stems from vulnerability to stored cross-site scripting attacks and...

NodeBB 安全漏洞

NodeBB is a forum system from the Design Create Play team built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability exists in NodeBB 4.0.4 and earlier versions, which stems from vulnerability to a stored cross-site scripting attack tha...

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

CVE-2025-29513

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator...

CVE-2025-29512

The CVE-2025-29512 entry concerns NodeBB before 4.0.5, where a Cross-Site Scripting (XSS) flaw in the application enables a remote attacker to store arbitrary code. The vulnerability affects v4.0.4 and earlier; impact includes potential disruption of the blacklist IP feature until content is remo...

PT-2025-17333 · Nodebb · Nodebb

Name of the Vulnerable Software and Affected Versions: NodeBB versions prior to 4.0.5 Description: A Cross-Site Scripting XSS issue allows remote attackers to store arbitrary code, potentially rendering the blacklist IP functionality unusable until the content is removed via the database...

PT-2025-17334 · Nodebb · Nodebb

Name of the Vulnerable Software and Affected Versions: NodeBB versions prior to 4.0.5 Description: A Cross-Site Scripting XSS issue allows remote attackers to store arbitrary code in the admin API Access token generator. This could potentially lead to the execution of malicious code...

CVE-2022-36076

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added and later checked a nonce was inadvertently rendered opt-i...

CVE-2022-36045

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...