Cross-Site Scripting Vulnerability in NodeBB by NodeBB
CVE-2025-29513

Currently unrated

Key Information:

Vendor

NodeBB

Status
Vendor
CVE Published:
18 April 2025

What is CVE-2025-29513?

A Cross-Site Scripting vulnerability exists in NodeBB versions up to and including 4.0.4, enabling remote attackers to inject arbitrary code through the admin API Access token generator. This security flaw poses risks as it can lead to unauthorized actions being performed in the context of the affected user's session, potentially compromising sensitive information and overall system integrity.

References

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

.