Vulnerabilities > Nodebb > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-25 | CVE-2023-2850 | Origin Validation Error vulnerability in Nodebb NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. | 4.7 |
| 2022-11-13 | CVE-2022-3978 | Cross-Site Request Forgery (CSRF) vulnerability in Nodebb A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. | 4.3 |
| 2021-11-29 | CVE-2021-43787 | Unspecified vulnerability in Nodebb Nodebb is an open source Node.js based forum software. | 6.1 |
| 2021-11-29 | CVE-2021-43788 | Unspecified vulnerability in Nodebb Nodebb is an open source Node.js based forum software. | 5.0 |
| 2019-04-30 | CVE-2015-9286 | Cross-site Scripting vulnerability in Nodebb Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. | 6.1 |
| 2017-09-21 | CVE-2015-3296 | Cross-site Scripting vulnerability in Nodebb Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs. | 6.1 |