Vulnerabilities > Nodebb > Nodebb > 1.15.2

DATE CVE VULNERABILITY TITLE RISK
2023-09-29 CVE-2023-30591 Improper Check for Unusual or Exceptional Conditions vulnerability in Nodebb
Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.
network
low complexity
nodebb CWE-754
7.5
7.5
2023-09-27 CVE-2023-43187 XML Injection (aka Blind XPath Injection) vulnerability in Nodebb
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.
network
low complexity
nodebb CWE-91
critical
 9.8
9.8
2023-07-25 CVE-2023-2850 Origin Validation Error vulnerability in Nodebb
NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin.
network
low complexity
nodebb CWE-346
4.7
4.7
2022-12-05 CVE-2022-46164 Improper Initialization vulnerability in Nodebb
NodeBB is an open source Node.js based forum software.
network
low complexity
nodebb CWE-665
critical
 9.8
9.8
2022-11-13 CVE-2022-3978 Cross-Site Request Forgery (CSRF) vulnerability in Nodebb
A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7.
network
low complexity
nodebb CWE-352
4.3
4.3
2021-11-29 CVE-2021-43786 Improper Authentication vulnerability in Nodebb
Nodebb is an open source Node.js based forum software.
network
low complexity
nodebb CWE-287
7.5
7.5
2021-11-29 CVE-2021-43788 Path Traversal vulnerability in Nodebb
Nodebb is an open source Node.js based forum software.
network
low complexity
nodebb CWE-22
5.0
5.0