CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15156

In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.2%

CVSS Severity

CVSS v3 Score 6.8

CVSS v2 Score 4.3

References

Products affected by CVE-2020-15156

Nodebb » Blog Comments » Version: N/A

cpe:2.3:a:nodebb:blog_comments:-
Nodebb » Blog Comments » Version: 0.0.1

cpe:2.3:a:nodebb:blog_comments:0.0.1
Nodebb » Blog Comments » Version: 0.0.10

cpe:2.3:a:nodebb:blog_comments:0.0.10
Nodebb » Blog Comments » Version: 0.0.11

cpe:2.3:a:nodebb:blog_comments:0.0.11
Nodebb » Blog Comments » Version: 0.0.12

cpe:2.3:a:nodebb:blog_comments:0.0.12
Nodebb » Blog Comments » Version: 0.0.14

cpe:2.3:a:nodebb:blog_comments:0.0.14
Nodebb » Blog Comments » Version: 0.0.15

cpe:2.3:a:nodebb:blog_comments:0.0.15
Nodebb » Blog Comments » Version: 0.0.16

cpe:2.3:a:nodebb:blog_comments:0.0.16
Nodebb » Blog Comments » Version: 0.0.17

cpe:2.3:a:nodebb:blog_comments:0.0.17
Nodebb » Blog Comments » Version: 0.0.18

cpe:2.3:a:nodebb:blog_comments:0.0.18
Nodebb » Blog Comments » Version: 0.0.19

cpe:2.3:a:nodebb:blog_comments:0.0.19
Nodebb » Blog Comments » Version: 0.0.2

cpe:2.3:a:nodebb:blog_comments:0.0.2
Nodebb » Blog Comments » Version: 0.0.21

cpe:2.3:a:nodebb:blog_comments:0.0.21
Nodebb » Blog Comments » Version: 0.0.22

cpe:2.3:a:nodebb:blog_comments:0.0.22
Nodebb » Blog Comments » Version: 0.0.23

cpe:2.3:a:nodebb:blog_comments:0.0.23
Nodebb » Blog Comments » Version: 0.0.24

cpe:2.3:a:nodebb:blog_comments:0.0.24
Nodebb » Blog Comments » Version: 0.0.25

cpe:2.3:a:nodebb:blog_comments:0.0.25
Nodebb » Blog Comments » Version: 0.0.26

cpe:2.3:a:nodebb:blog_comments:0.0.26
Nodebb » Blog Comments » Version: 0.0.3

cpe:2.3:a:nodebb:blog_comments:0.0.3
Nodebb » Blog Comments » Version: 0.0.4

cpe:2.3:a:nodebb:blog_comments:0.0.4
Nodebb » Blog Comments » Version: 0.0.5

cpe:2.3:a:nodebb:blog_comments:0.0.5
Nodebb » Blog Comments » Version: 0.0.6

cpe:2.3:a:nodebb:blog_comments:0.0.6
Nodebb » Blog Comments » Version: 0.0.7

cpe:2.3:a:nodebb:blog_comments:0.0.7
Nodebb » Blog Comments » Version: 0.0.8

cpe:2.3:a:nodebb:blog_comments:0.0.8
Nodebb » Blog Comments » Version: 0.0.9

cpe:2.3:a:nodebb:blog_comments:0.0.9
Nodebb » Blog Comments » Version: 0.1.0

cpe:2.3:a:nodebb:blog_comments:0.1.0
Nodebb » Blog Comments » Version: 0.1.1

cpe:2.3:a:nodebb:blog_comments:0.1.1
Nodebb » Blog Comments » Version: 0.1.10

cpe:2.3:a:nodebb:blog_comments:0.1.10
Nodebb » Blog Comments » Version: 0.1.11

cpe:2.3:a:nodebb:blog_comments:0.1.11
Nodebb » Blog Comments » Version: 0.1.12

cpe:2.3:a:nodebb:blog_comments:0.1.12
Nodebb » Blog Comments » Version: 0.1.13

cpe:2.3:a:nodebb:blog_comments:0.1.13
Nodebb » Blog Comments » Version: 0.1.14

cpe:2.3:a:nodebb:blog_comments:0.1.14
Nodebb » Blog Comments » Version: 0.1.15

cpe:2.3:a:nodebb:blog_comments:0.1.15
Nodebb » Blog Comments » Version: 0.1.16

cpe:2.3:a:nodebb:blog_comments:0.1.16
Nodebb » Blog Comments » Version: 0.1.17

cpe:2.3:a:nodebb:blog_comments:0.1.17
Nodebb » Blog Comments » Version: 0.1.18

cpe:2.3:a:nodebb:blog_comments:0.1.18
Nodebb » Blog Comments » Version: 0.1.19

cpe:2.3:a:nodebb:blog_comments:0.1.19
Nodebb » Blog Comments » Version: 0.1.2

cpe:2.3:a:nodebb:blog_comments:0.1.2
Nodebb » Blog Comments » Version: 0.1.3

cpe:2.3:a:nodebb:blog_comments:0.1.3
Nodebb » Blog Comments » Version: 0.1.4

cpe:2.3:a:nodebb:blog_comments:0.1.4
Nodebb » Blog Comments » Version: 0.1.5

cpe:2.3:a:nodebb:blog_comments:0.1.5
Nodebb » Blog Comments » Version: 0.1.6

cpe:2.3:a:nodebb:blog_comments:0.1.6
Nodebb » Blog Comments » Version: 0.1.7

cpe:2.3:a:nodebb:blog_comments:0.1.7
Nodebb » Blog Comments » Version: 0.1.8

cpe:2.3:a:nodebb:blog_comments:0.1.8
Nodebb » Blog Comments » Version: 0.1.9

cpe:2.3:a:nodebb:blog_comments:0.1.9
Nodebb » Blog Comments » Version: 0.2.0

cpe:2.3:a:nodebb:blog_comments:0.2.0
Nodebb » Blog Comments » Version: 0.2.1

cpe:2.3:a:nodebb:blog_comments:0.2.1
Nodebb » Blog Comments » Version: 0.2.2

cpe:2.3:a:nodebb:blog_comments:0.2.2
Nodebb » Blog Comments » Version: 0.2.3

cpe:2.3:a:nodebb:blog_comments:0.2.3
Nodebb » Blog Comments » Version: 0.3.0

cpe:2.3:a:nodebb:blog_comments:0.3.0
Nodebb » Blog Comments » Version: 0.3.1

cpe:2.3:a:nodebb:blog_comments:0.3.1
Nodebb » Blog Comments » Version: 0.4.0

cpe:2.3:a:nodebb:blog_comments:0.4.0
Nodebb » Blog Comments » Version: 0.4.1

cpe:2.3:a:nodebb:blog_comments:0.4.1
Nodebb » Blog Comments » Version: 0.4.2

cpe:2.3:a:nodebb:blog_comments:0.4.2
Nodebb » Blog Comments » Version: 0.4.3

cpe:2.3:a:nodebb:blog_comments:0.4.3
Nodebb » Blog Comments » Version: 0.4.4

cpe:2.3:a:nodebb:blog_comments:0.4.4
Nodebb » Blog Comments » Version: 0.4.6

cpe:2.3:a:nodebb:blog_comments:0.4.6
Nodebb » Blog Comments » Version: 0.4.7

cpe:2.3:a:nodebb:blog_comments:0.4.7
Nodebb » Blog Comments » Version: 0.5.0

cpe:2.3:a:nodebb:blog_comments:0.5.0
Nodebb » Blog Comments » Version: 0.5.1

cpe:2.3:a:nodebb:blog_comments:0.5.1
Nodebb » Blog Comments » Version: 0.5.3

cpe:2.3:a:nodebb:blog_comments:0.5.3
Nodebb » Blog Comments » Version: 0.5.4

cpe:2.3:a:nodebb:blog_comments:0.5.4
Nodebb » Blog Comments » Version: 0.5.5

cpe:2.3:a:nodebb:blog_comments:0.5.5
Nodebb » Blog Comments » Version: 0.5.6

cpe:2.3:a:nodebb:blog_comments:0.5.6
Nodebb » Blog Comments » Version: 0.6.0

cpe:2.3:a:nodebb:blog_comments:0.6.0
Nodebb » Blog Comments » Version: 0.6.1

cpe:2.3:a:nodebb:blog_comments:0.6.1
Nodebb » Blog Comments » Version: 0.6.2

cpe:2.3:a:nodebb:blog_comments:0.6.2
Nodebb » Blog Comments » Version: 0.6.3

cpe:2.3:a:nodebb:blog_comments:0.6.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15156

Products

Pricing

Contact Us