Blog Comments

blog_comments

Vendor: Nodebb • 1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-15156 1Nodebb 1Blog Comments Nov 21, 2024 Aug 26, 2020 N/A· v4 8.1 HIGH· v3 4.3 MEDIUM· v2 In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.