357 matches found
Cross-Site Scripting (XSS)
The NodeBB forum software is vulnerable to cross-site scripting (XSS). The flag page's description did not properly validate data as text. An attacker could have introduced code injection through the description field...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs...
CVE-2015-3296
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs...
CVE-2015-3296
CVE-2015-3296: NodeBB before 0.7 is affected by cross-site scripting in its Markdown processing, allowing remote attackers to inject arbitrary script via javascript: or data: URLs. The vulnerability is tied to insufficient input filtering in the Markdown/HTML rendering path (markdown-it-based) in...
Script Injection
NodeBB is vulnerable to script injection. It does not properly escape translation tokens in topic titles, descriptions, profile about areas, and post content, thereby allowing malicious users to inject scripts...
Ubiquiti Inc.: Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/
Hello, While I was looking at your renewed SSL certificate, I have noticed the following link: http://nodebb.ubnt.com/ I have seen that this link was protected by htaccess password, but I have decided to run an nmap scan. By running the following: sudo nmap -sSV -p- 104.131.159.88 -oA stageph -T...
Remote Code Execution (RCE)
NodeBB is vulnerable to remote code execution attacks. If a malicious user is able to force an admin to run a special JavaScript code, it is possible to remotely execute code during the installation or updating of plugins. This is caused because the npm commands executed are not sanitized...
NodeBB < 0.7.0 XSS Vulnerability
NodeBB is prone to a stored cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later CPE =...
NodeBB Detection (HTTP)
HTTP based detection of NodeBB. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later if(description) { script_oid("1.3.6.1.4.1.25623.1.0.111100");...
NodeBB < 0.7.3 XSS Vulnerability - Active Check
NodeBB is prone to a reflected cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later CPE =...
markdown-it and NodeBB HTML injection vulnerability (CNVD-2016-00135)
markdown-it is a parser product. NodeBB is a forum system developed by the Design Create Play team and built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An HTML injection vulnerability exists in markdown-it versions prior to 4.1.0 and NodeBB versions...
markdown-it and NodeBB HTML Injection Vulnerabilities
markdown-it is a parser product. NodeBB is a forum system developed by the Design Create Play team and built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An HTML injection vulnerability exists in markdown-it versions prior to 4.1.0 and NodeBB versions...
NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability
Document Title: NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: 2015-09-24. Vulnerability Laboratory ID (VL-ID): ...
NodeBB 0.8.2 Cross Site Scripting
Document Title: NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: 2015-09-24. Vulnerability Laboratory ID (VL-ID): ...
NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability
Document Title: NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1608 Release Date: 2015-09-24. Vulnerability Laboratory ID (VL-ID): ...
NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability
Document Title: NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1608 Release Date: 2015-09-23. Vulnerability Laboratory ID (VL-ID): ...