Cross-Site Scripting Vulnerability in NodeBB by NodeBB
CVE-2025-29512

Currently unrated

Key Information:

Vendor

NodeBB

Status
Vendor
CVE Published:
18 April 2025

What is CVE-2025-29512?

A Cross-Site Scripting (XSS) vulnerability exists in NodeBB versions up to 4.0.4, allowing remote attackers to inject arbitrary code. This exploitation could potentially compromise the functionality meant to blacklist IP addresses until the injected content is manually removed from the database. Organizations using affected versions of NodeBB should promptly review their current setups for possible exposure and apply necessary security measures.

References

Timeline

  • Vulnerability published

.