Vulnerabilities > Nodebb

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-29	CVE-2023-30591	Improper Check for Unusual or Exceptional Conditions vulnerability in Nodebb Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively. network low complexity nodebb CWE-754	7.5
2023-09-27	CVE-2023-43187	XML Injection (aka Blind XPath Injection) vulnerability in Nodebb A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. network low complexity nodebb CWE-91 critical	9.8
2023-07-25	CVE-2023-2850	Origin Validation Error vulnerability in Nodebb NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. network low complexity nodebb CWE-346	4.7
2023-07-24	CVE-2023-26045	Path Traversal vulnerability in Nodebb NodeBB is Node.js based forum software. network low complexity nodebb CWE-22 critical	9.8
2022-12-05	CVE-2022-46164	Improper Initialization vulnerability in Nodebb NodeBB is an open source Node.js based forum software. network low complexity nodebb CWE-665 critical	9.8
2022-11-13	CVE-2022-3978	Cross-Site Request Forgery (CSRF) vulnerability in Nodebb A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. network low complexity nodebb CWE-352	4.3
2021-11-29	CVE-2021-43786	Improper Authentication vulnerability in Nodebb Nodebb is an open source Node.js based forum software. network low complexity nodebb CWE-287	7.5
2021-11-29	CVE-2021-43787	Unspecified vulnerability in Nodebb Nodebb is an open source Node.js based forum software. network low complexity nodebb	6.1
2021-11-29	CVE-2021-43788	Path Traversal vulnerability in Nodebb Nodebb is an open source Node.js based forum software. network low complexity nodebb CWE-22	5.0
2020-08-26	CVE-2020-15156	Cross-Site Request Forgery (CSRF) vulnerability in Nodebb Blog Comments In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. network nodebb CWE-352	4.3

Vulnerabilities > Nodebb {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Nodebb"}]}

Vulnerabilities > Nodebb