357 matches found
CVE-2021-43788
Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as...
Path traversal
Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as...
CVE-2021-43788 Path traversal in translator module of NobeBB
Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as...
CVE-2021-43788
CVE-2021-43788 affects NodeBB (NodeBB) prior to version 1.18.5, describing a path traversal vulnerability in the translator module that allowed access to JSON files outside the languages/ directory. The vulnerability has been patched in v1.18.5; upgrade to 1.18.5+ to remediate. Connected advisori...
CVE-2021-43786
NodeBB (NodeBB) is affected by CVE-2021-43786 due to incorrect logic in the token verification step, which could allow a master token to access the API. A fix is available in v1.18.5; upgrading to that version (or later) is advised. The vulnerability affects the API authentication pathway and is ...
CVE-2021-43787
NodeBB (NodeBB) contains a prototype pollution vulnerability in the uploader module affecting multiple 1.x versions, leading to arbitrary data injection into the DOM and potential account takeover when combined with a path traversal issue. The issue is documented under CVE-2021-43787 and has been...
CVE-2021-43787 XSS via prototype pollution
Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data i.e. javascript into the DOM, theoretically allowing for an account takeover when used in conjunction with a pat...
NodeBB 授权问题漏洞
NodeBB is a forum system built by the Design Create Play team using Node.js, a web application platform built on top of Google's V8 JavaScript engine. an authorization issue vulnerability exists in Nodebb, which stems from a faulty token authentication logic in the product, and could be exploited...
PT-2021-23933 · Nodebb · Nodebb
Name of the Vulnerable Software and Affected Versions: Nodebb versions prior to 1.18.5 Description: A prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data i.e. javascript into the DOM, theoretically allowing for an account takeover when used i...
PT-2021-23932 · Nodebb · Nodebb
Name of the Vulnerable Software and Affected Versions: Nodebb versions prior to 1.18.5 Description: The issue is related to incorrect logic in the token verification step, which unintentionally allowed master token access to the API. Recommendations: For versions prior to 1.18.5, upgrade to versi...
PT-2021-23934 · Nodebb · Nodebb
Name of the Vulnerable Software and Affected Versions: Nodebb versions prior to 1.18.5 Description: A path traversal issue allowed users to access JSON files outside of the expected languages/ directory. This issue has been patched as of version 1.18.5. Users are advised to upgrade as soon as...
NodeBB 路径遍历漏洞
NodeBB is a forum system built by the Design Create Play team using Node.js, a web application platform built on top of Google's V8 JavaScript engine. Nodebb is vulnerable to a path traversal vulnerability that could be exploited to access locations outside of restricted directories...
Nodebb 安全漏洞
NodeBB is a forum system built by the Design Create Play team using Node.js, a web application platform built on top of Google's V8 JavaScript engine. nodebb has a security vulnerability that could be exploited by attackers to access locations outside of restricted directories...
NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Exploit
Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Exploit Author: 1F98D Software Link: https://nodebb.org/ Version: Emoji for NodeBB ', r.text, re.IGNORECASE if csrf is None: print'! Could not extract csrf token to proceed.' sys.exit1 auth = 'username': USERNAME, 'password': PASSWOR...
NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write
Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Date: 2021-02-01 Exploit Author: 1F98D Software Link: https://nodebb.org/ Version: Emoji for NodeBB ', r.text, re.IGNORECASE if csrf is None: print'! Could not extract csrf token to proceed.' sys.exit1 auth = 'username': USERNAME,...
NodeBB Emoji 3.2.1 Arbitrary FIle Write
Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Date: 2021-02-01 Exploit Author: 1F98D Software Link: https://nodebb.org/ Version: Emoji for NodeBB ', r.text, re.IGNORECASE if csrf is None: print'! Could not extract csrf token to proceed.' sys.exit1 auth = 'username': USERNAME,...
NodeBB Forum 1.14.2 Account Takeover
Exploit Title: NodeBB Forum 1.12.2-1.14.2 - Account Takeover Date: 2020-08-18 Exploit Author: Muhammed Eren Uygun Vendor Homepage: https://nodebb.org/ Software Link: https://github.com/NodeBB/NodeBB Version: 1.12.2-1.14.2 Tested on: Linux CVE : CVE-2020-15149 -...
NodeBB Forum 1.12.2-1.14.2 - Account Takeover
Exploit Title: NodeBB Forum 1.12.2-1.14.2 - Account Takeover Date: 2020-08-18 Exploit Author: Muhammed Eren Uygun Vendor Homepage: https://nodebb.org/ Software Link: https://github.com/NodeBB/NodeBB Version: 1.12.2-1.14.2 Tested on: Linux CVE : CVE-2020-15149 -...
CVE-2020-15156
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation...
CVE-2020-15156
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation...