CVE-2025-29512

Medium CVSS: 6.1

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database.

Vendor

Nodebb

Product

Nodebb

CWE

CWE-79

Yayın Tarihi

2025-04-18 18:15:48

Güncelleme

2025-04-23 17:28:01

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Nodebb MEDIUM Nodebb 2025

Referanslar

http://nodebb.com https://www.tonysec.com/posts/cve-2025-29512/

Benzer Kayıtlar

High

CVE-2025-50979

NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). The sear…

Medium

CVE-2025-29513

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in…

Medium

CVE-2024-57041

A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code…