Vulnerabilities > Nodebb
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-20 | CVE-2020-15149 | Improper Authentication vulnerability in Nodebb. NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. | 6.5 |
2019-04-30 | CVE-2015-9286 | Cross-site Scripting vulnerability in Nodebb. Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. | 4.3 |
2017-09-21 | CVE-2015-3296 | Cross-site Scripting vulnerability in Nodebb. Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs. | 4.3 |