Known Vulnerabilities for products from Nodebb
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Nodebb".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-43187 | A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 a... | 9.8 - CRITICAL | 2023-09-27 | 2023-09-28 |
| CVE-2023-30591 | Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWi... | 7.5 - HIGH | 2023-09-29 | 2023-10-02 |
| CVE-2023-26045 | NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object de... | 9.8 - CRITICAL | 2023-07-24 | 2023-08-31 |
| CVE-2023-2850 | NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploit... | 4.7 - MEDIUM | 2023-07-25 | 2023-08-07 |
| CVE-2022-46164 | NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message... | 9.8 - CRITICAL | 2022-12-05 | 2023-11-07 |
| CVE-2022-36076 | NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessa... | 7.5 - HIGH | 2022-09-02 | 2022-09-08 |
| CVE-2022-36045 | NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web soc... | 9.8 - CRITICAL | 2022-08-31 | 2022-09-06 |
| CVE-2022-3978 | A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the fi... | 4.3 - MEDIUM | 2022-11-13 | 2023-11-07 |
| CVE-2021-43788 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5 - MEDIUM | 2021-11-29 | 2022-10-27 |
| CVE-2021-43787 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2021-11-29 | 2022-10-27 |
| CVE-2021-43786 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2021-11-29 | 2022-10-27 |
| CVE-2020-15156 | In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a thir... | 8.1 - HIGH | 2020-08-26 | 2020-09-01 |
| CVE-2020-15149 | NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change ... | 9.9 - CRITICAL | 2020-08-20 | 2021-11-18 |
| CVE-2015-9286 | Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. | 6.1 - MEDIUM | 2019-04-30 | 2019-05-01 |
| CVE-2015-3296 | Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web scrip... | 6.1 - MEDIUM | 2017-09-21 | 2017-09-28 |
Known software with vulnerabilities from Nodebb
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Nodebb | Blog Comments | - |
| Application | Nodebb | Nodebb | 0.0.3 |