357 matches found
CVE-2022-46164
NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. This vulnerability has been patched in version 2.6.1. Users are advised ...
CVE-2020-15149
NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to a privilege escalation event due via an...
NodeBB < 3.11.1 XSS Vulnerability
NodeBB is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodebb:nodebb";...
NodeBB < 2.8.11 DoS Vulnerability
NodeBB is prone to a denial of service (DoS) vulnerability. CPE = "cpe:/a:nodebb:nodebb";...
NodeBB < 1.18.6 RCE Vulnerability
NodeBB is prone to a remote code execution (RCE) vulnerability. CPE = "cpe:/a:nodebb:nodebb";...
NodeBB < 3.6.7 Broken Access Control Vulnerability
NodeBB is prone to a broken access control vulnerability. CPE = "cpe:/a:nodebb:nodebb";...
GHSA-VQR3-VRRG-F3JH NodeBB Cross-site scripting (XSS) vulnerability
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile...
NodeBB Cross-site scripting (XSS) vulnerability
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile...
CVE-2024-57041
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile...
NodeBB Security Vulnerability
NodeBB is a forum system from the Design Create Play team built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability exists in NodeBB version v3.11.0, which stems from the presence of a cross-site scripting (XSS) vulnerability that could...
PT-2025-3397 · Nodebb · Nodebb
Name of the Vulnerable Software and Affected Versions: NodeBB version 3.11.0 Description: A persistent cross-site scripting (XSS) issue allows remote attackers to store arbitrary code in the 'about me' section of their profile. This enables attackers to execute malicious scripts on the website...
CVE-2024-57041
NodeBB v3.11.0 contains a persistent XSS vulnerability in the user profile’s about me field that can store arbitrary code. Exploitation details are not provided in the connected documents, but the CVSS vector (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N) yields a base score of 4.6 (Medium) with network a...
Incorrect Access Control in NodeBB
In NodeBB prior to 3.6.7 an attacker was able to access the restricted tabs for the Admin group which are only allowed to the administrators...
GHSA-QC99-R4WH-C8H6 Incorrect Access Control in NodeBB
In NodeBB prior to 3.6.7 an attacker was able to access the restricted tabs for the Admin group which are only allowed to the administrators...
NodeBB v3.6.7 Broken Access Control Vulnerability
Exploit Title: Broken Access Control - on NodeBB v3.6.7 Exploit Author: Vibhor Sharma Vendor Homepage: https://nodebb.org/ Version: 3.6.7 Description: I identified a broken access control vulnerability in nodeBB v3.6.7, enabling attackers to access restricted information intended solely for...
CVE-2024-29316
NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true...