RSS   Vulnerabilities for 'Blog comments'   RSS

2020-08-26
 
CVE-2020-15156

CWE-352
 

 
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.

 

 >>> Vendor: Nodebb 2 Products
Nodebb
Blog comments


Copyright 2024, cxsecurity.com

 

Back to Top