Nodebb: >> Blog Comments >> 0.0.1 Security Vulnerabilities
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.
CVSS Score
6.8
EPSS Score
0.002
Published
2020-08-26