Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.
References
Link | Resource |
---|---|
https://www.vulnerability-lab.com/get_content.php?id=1608 | Exploit Third Party Advisory |
https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625 | Exploit Third Party Advisory |
https://github.com/NodeBB/NodeBB/pull/3371 | Patch Third Party Advisory |
https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529 | Release Notes Third Party Advisory |
Configurations
Information
Published : 2019-04-30 07:29
Updated : 2019-05-01 07:22
NVD link : CVE-2015-9286
Mitre link : CVE-2015-9286
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
nodebb
- nodebb