Cross-Site Scripting Flaw in NodeBB by NodeBB
CVE-2015-9286
6.1MEDIUM
What is CVE-2015-9286?
The outgoing XSS vulnerability in NodeBB arises from improper handling of user inputs in the controllers/index.js file. This flaw can be exploited by attackers to inject malicious scripts into web pages viewed by other users, potentially compromising sensitive data and user sessions. Users running versions prior to 0.7.3 are particularly at risk and should upgrade to secure their systems against this type of attack.
