Cross-Site Scripting Flaw in NodeBB by NodeBB
CVE-2015-9286

6.1MEDIUM

Key Information:

Vendor

Nodebb

Status
Vendor
CVE Published:
30 April 2019

What is CVE-2015-9286?

The outgoing XSS vulnerability in NodeBB arises from improper handling of user inputs in the controllers/index.js file. This flaw can be exploited by attackers to inject malicious scripts into web pages viewed by other users, potentially compromising sensitive data and user sessions. Users running versions prior to 0.7.3 are particularly at risk and should upgrade to secure their systems against this type of attack.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.