Persistent XSS Vulnerability in NodeBB by NodeBB
CVE-2024-57041

4.6 MEDIUM

Key Information:

Vendor: NodeBB

CVE Published: 24 January 2025

What is CVE-2024-57041?

A persistent cross-site scripting (XSS) vulnerability exists in NodeBB version 3.11.0, enabling remote attackers to inject arbitrary code into the 'about me' section of user profiles. This vulnerability allows for unauthorized execution of scripts, which can lead to further security breaches, data theft, or manipulation of user accounts. It is crucial for users and administrators to apply patches and mitigate risks associated with this vulnerability.

EPSS Score

26% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
