Cross-Site Scripting Vulnerabilities in NodeBB by NodeBB
CVE-2015-3296
6.1MEDIUM
What is CVE-2015-3296?
NodeBB versions prior to 0.7 are vulnerable to multiple cross-site scripting (XSS) attacks. These vulnerabilities enable remote attackers to inject arbitrary web scripts or HTML into user feeds via malicious javascript: or data: URLs. This flaw poses a significant security risk, as it can be exploited to execute scripts in the context of the affected application, potentially allowing for data theft and compromising user accounts.
