CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-15156

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile27.87th
Published2020年8月26日
Last Modified2024年11月21日

Vulnerability Description

In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.

Affected Platforms (CPE)

📦
Nodebb

Blog Comments

< 0.7.0

References & Advisories

🔗 https://github.com/psychobunny/nodebb-plugin-blog-comments/commit/cf43beedb05131937ef46f365ab0a0c6fa6ac618
🔗 https://github.com/psychobunny/nodebb-plugin-blog-comments/security/advisories/GHSA-43m5-c88r-cjvv
🔗 https://www.npmjs.com/package/nodebb-plugin-blog-comments
🔗 https://github.com/psychobunny/nodebb-plugin-blog-comments/commit/cf43beedb05131937ef46f365ab0a0c6fa6ac618
🔗 https://github.com/psychobunny/nodebb-plugin-blog-comments/security/advisories/GHSA-43m5-c88r-cjvv
🔗 https://www.npmjs.com/package/nodebb-plugin-blog-comments

相关漏洞威胁

CVE-2006-28279.8

SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execu...

CVE-2017-10000049.8

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Cou...

CVE-2020-152767.7

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted ni...

CVE-2006-10987.5

Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) inform...