357 matches found

ATTACKERKB
Added 2023/09/27 3:19 p.m. | Views: 1

CVE-2023-43187

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.87697
Exploits: 1 | References: 3
NVD
Added 2023/09/27 3:19 p.m. | Views: 12

CVE-2023-43187

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.87697
Exploits: 1 | References: 1
OSV
Added 2023/09/27 3:19 p.m. | Views: 19

CVE-2023-43187

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.87697
Exploits: 1 | References: 1
Prion
Added 2023/09/27 3:19 p.m. | Views: 20

Remote code execution

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.87697
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
Added 2023/09/27 12:0 a.m. | Views: 1

NodeBB Security Vulnerabilities

NodeBB is a forum system built using Node.js, a web application platform built on top of Google's V8 JavaScript engine, by the Design Create Play team. A security vulnerability exists in versions prior to NodeBB v1.18.6, which stems from the presence of a Remote Code Execution (RCE) vulnerability tha...

CVSS: 9.8 | AI score: 8 | EPSS: 0.87697
Exploits: 1 | References: 2
Positive Technologies
Added 2023/09/26 12:0 a.m. | Views: 1

PT-2023-28726 · Nodebb · Nodebb

Name of the Vulnerable Software and Affected Versions: NodeBB versions prior to 1.18.6. Description: A remote code execution issue in the "xmlrpc.php" endpoint allows attackers to execute arbitrary code via crafted XML-RPC requests. Recommendations: For versions prior to 1.18.6, update to version...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.87697
Exploits: 1 | References: 5
CVE
Added 2023/09/26 12:0 a.m. | Views: 66

CVE-2023-43187

NodeBB

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.87697
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
Added 2023/09/26 12:0 a.m. | Views: 15

CVE-2023-43187

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...

AI score: 10 | EPSS: 0.87697
Exploits: 1 | References: 1
Vulnrichment
Added 2023/09/26 12:0 a.m. | Views: 12

CVE-2023-43187

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...

AI score: 8.3 | EPSS: 0.87697
Exploits: 1 | References: 1
Veracode
Added 2023/07/27 12:22 p.m. | Views: 18

Websocket Session Hijacking

nodebb is vulnerable to Websocket Session Hijacking. The vulnerability exists due to a missing CSRF token in the request, which allows an attacker to gain access to private information via cross-origin websocket session hijacking...

CVSS: 4.7 | AI score: 6.9 | EPSS: 0.00169
Exploits: 0 | References: 4 | Affected Software: 1
OSV
Added 2023/07/25 6:4 p.m. | Views: 25

GHSA-4QCV-QF38-5J3J: Unintentional leakage of private information via cross-origin websocket session hijacking

Impact: Private messages or posts might be leaked to third parties if the victim opens the attacker's site while browsing nodebb. Patches: Patched in v3.1.3. Backported to v2.x line via v2.8.13. Workarounds: Users can cherry-pick...

CVSS: 4.7 | AI score: 4.6 | EPSS: 0.00169
Exploits: 0 | References: 7
Github Security Blog
Added 2023/07/25 6:4 p.m. | Views: 22

Unintentional leakage of private information via cross-origin websocket session hijacking

Impact: Private messages or posts might be leaked to third parties if the victim opens the attacker's site while browsing nodebb. Patches: Patched in v3.1.3. Backported to v2.x line via v2.8.13. Workarounds: Users can cherry-pick...

CVSS: 4.7 | AI score: 6.8 | EPSS: 0.00169
Exploits: 0 | References: 7 | Affected Software: 1
NVD
Added 2023/07/25 12:15 p.m. | Views: 12

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by an attacker...

CVSS: 4.7 | AI score: 4.5 | EPSS: 0.00169
Exploits: 0 | References: 3
OSV
Added 2023/07/25 12:15 p.m. | Views: 15

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by an attacker...

CVSS: 4.7 | AI score: 6.7
Exploits: 0 | References: 3
Prion
Added 2023/07/25 12:15 p.m. | Views: 15

Cross site scripting

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by an attacker...

CVSS: 4.3 | AI score: 4.6 | EPSS: 0.00169
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
Added 2023/07/25 11:13 a.m. | Views: 14

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by an attacker...

CVSS: 4.7 | AI score: 6.4 | EPSS: 0.00169
Exploits: 0 | References: 3
CVE
Added 2023/07/25 11:13 a.m. | Views: 2504

CVE-2023-2850

CVE-2023-2850 affects NodeBB and is a Cross-Site WebSocket Hijacking vulnerability caused by missing validation of the request origin. The issue can lead to leakage of certain user information. Publicly documented details identify affected NodeBB lines as NodeBB 2.x before 2.8.13 and 3.x before 3...

CVSS: 4.7 | AI score: 4.4 | EPSS: 0.00169
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
Added 2023/07/25 11:13 a.m. | Views: 12

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by an attacker...

CVSS: 4.7 | AI score: 4.8 | EPSS: 0.00169
Exploits: 0 | References: 3
Positive Technologies
Added 2023/07/25 12:0 a.m. | Views: 2

PT-2023-21763 · Nodebb · Nodebb

Name of the Vulnerable Software and Affected Versions: NodeBB versions prior to 2.8.13; NodeBB versions prior to 3.1.3. Description: The issue is related to a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. This allows certain user information to be...

CVSS: 4.7 | AI score: 4.4 | EPSS: 0.00169
Exploits: 0 | References: 11
CNNVD
Added 2023/07/25 12:0 a.m. | Views: 3

NodeBB Access Control Error Vulnerability

NodeBB is a forum system from the Design Create Play team built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability exists in NodeBB that stems from a lack of valid authentication of the source of requests...

CVSS: 4.7 | AI score: 5 | EPSS: 0.00169
Exploits: 0 | References: 4