0.5.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-29	CVE-2023-30591	Improper Check for Unusual or Exceptional Conditions vulnerability in Nodebb Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively. network low complexity nodebb CWE-754	7.5
2023-09-27	CVE-2023-43187	XML Injection (aka Blind XPath Injection) vulnerability in Nodebb A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. network low complexity nodebb CWE-91 critical	9.8
2023-07-25	CVE-2023-2850	Origin Validation Error vulnerability in Nodebb NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. network low complexity nodebb CWE-346	4.7
2022-12-05	CVE-2022-46164	Improper Initialization vulnerability in Nodebb NodeBB is an open source Node.js based forum software. network low complexity nodebb CWE-665 critical	9.8
2022-11-13	CVE-2022-3978	Cross-Site Request Forgery (CSRF) vulnerability in Nodebb A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. network low complexity nodebb CWE-352	4.3
2019-04-30	CVE-2015-9286	Cross-site Scripting vulnerability in Nodebb Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. network nodebb CWE-79	4.3
2017-09-21	CVE-2015-3296	Cross-site Scripting vulnerability in Nodebb Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs. network nodebb CWE-79	4.3