CVE-2024-57041

Medium CVSS: 4.6

A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile.

Vendor

Nodebb

Product

Nodebb

CWE

CWE-79

Yayın Tarihi

2025-01-24 20:15:33

Güncelleme

2025-06-27 19:33:21

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Nodebb MEDIUM Nodebb 2025

Referanslar

http://nodebb.com https://github.com/NodeBB/NodeBB/commit/4e69bff72fd04779064d37e46a43080e6c328adf https://www.tonysec.com/posts/cve-2024-57041/

Benzer Kayıtlar

High

CVE-2025-50979

NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). The sear…

Medium

CVE-2025-29512

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and…

Medium

CVE-2025-29513

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in…