Shodan
Vulnerabilities
Vulnerable Software
Nodebb:  >> Nodebb  >> 2.4.4  Security Vulnerabilities
CVE-2025-29512
Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-04-18
CVE-2025-29513
Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-04-18
CVE-2023-30591
Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.
CVSS Score
7.5
EPSS Score
0.01
Published
2023-09-29
CVE-2023-2850
NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-07-25
CVE-2022-46164
NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit.
CVSS Score
9.4
EPSS Score
0.614
Published
2022-12-05
CVE-2022-3978
A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-11-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved