Cross-Site Scripting Vulnerability in NodeBB by NodeBB
CVE-2025-29513
Currently unrated
What is CVE-2025-29513?
A Cross-Site Scripting vulnerability exists in NodeBB versions up to and including 4.0.4, enabling remote attackers to inject arbitrary code through the admin API Access token generator. This security flaw poses risks as it can lead to unauthorized actions being performed in the context of the affected user's session, potentially compromising sensitive information and overall system integrity.
