Vulnerabilities > Nodebb > Nodebb > 0.3.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-29 | CVE-2023-30591 | Improper Check for Unusual or Exceptional Conditions vulnerability in Nodebb Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively. | 7.5 |
| 2023-09-27 | CVE-2023-43187 | XML Injection (aka Blind XPath Injection) vulnerability in Nodebb A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. | 9.8 |
| 2023-07-25 | CVE-2023-2850 | Origin Validation Error vulnerability in Nodebb NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. | 4.7 |
| 2022-12-05 | CVE-2022-46164 | Unspecified vulnerability in Nodebb NodeBB is an open source Node.js based forum software. | 9.8 |
| 2022-11-13 | CVE-2022-3978 | Cross-Site Request Forgery (CSRF) vulnerability in Nodebb A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. | 4.3 |
| 2022-09-02 | CVE-2022-36076 | Unspecified vulnerability in Nodebb NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. | 7.5 |
| 2022-08-31 | CVE-2022-36045 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Nodebb NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. | 9.8 |
| 2019-04-30 | CVE-2015-9286 | Cross-site Scripting vulnerability in Nodebb Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. | 6.1 |
| 2017-09-21 | CVE-2015-3296 | Cross-site Scripting vulnerability in Nodebb Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs. | 6.1 |