Vulnerabilities > Nodebb

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-09-29 | CVE-2023-30591 | Improper Check for Unusual or Exceptional Conditions vulnerability in Nodebb | Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively. | network; low complexity; nodebb CWE-754; 7.5 |
| 2023-09-27 | CVE-2023-43187 | XML Injection (aka Blind XPath Injection) vulnerability in Nodebb | A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. | network; low complexity; nodebb CWE-91; critical; 9.8 |
| 2023-07-25 | CVE-2023-2850 | Origin Validation Error vulnerability in Nodebb | NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. | network; low complexity; nodebb CWE-346; 4.7 |
| 2023-07-24 | CVE-2023-26045 | Path Traversal vulnerability in Nodebb | NodeBB is Node.js based forum software. | network; low complexity; nodebb CWE-22; critical; 9.8 |
| 2022-12-05 | CVE-2022-46164 | Improper Initialization vulnerability in Nodebb | NodeBB is an open source Node.js based forum software. | network; low complexity; nodebb CWE-665; critical; 9.8 |
| 2022-11-13 | CVE-2022-3978 | Cross-Site Request Forgery (CSRF) vulnerability in Nodebb | A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. | network; low complexity; nodebb CWE-352; 4.3 |
| 2021-11-29 | CVE-2021-43786 | Improper Authentication vulnerability in Nodebb | Nodebb is an open source Node.js based forum software. | network; low complexity; nodebb CWE-287; 7.5 |
| 2021-11-29 | CVE-2021-43787 | Unspecified vulnerability in Nodebb | Nodebb is an open source Node.js based forum software. | network; low complexity; nodebb; 6.1 |
| 2021-11-29 | CVE-2021-43788 | Path Traversal vulnerability in Nodebb | Nodebb is an open source Node.js based forum software. | network; low complexity; nodebb CWE-22; 5.0 |
| 2020-08-26 | CVE-2020-15156 | Cross-Site Request Forgery (CSRF) vulnerability in Nodebb Blog Comments | In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. | network; nodebb CWE-352; 4.3 |