📦 Nodebb

This vulnerability in NodeBB forum software allows attackers to execute arbitrary JavaScript files on the server through a path traversal attack combined with object destructuring assignment. It affec...

CVE-2021-43786 is an authentication bypass vulnerability in NodeBB forum software where incorrect token verification logic allowed attackers to gain master token access to the API. This could lead to ...

NodeBB v4.3.0 contains a SQL injection vulnerability in the search-categories API endpoint that allows unauthenticated remote attackers to execute arbitrary SQL queries. This can lead to data theft, d...

A stored Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and earlier allows attackers to inject malicious scripts into the blacklist IP functionality. This could enable session hijacking, cr...

A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows authenticated users to inject malicious JavaScript into their profile's 'about me' section. This stored code executes whe...