CVE-2025-29513

Medium CVSS: 6.1

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator.

Vendor

Nodebb

Product

Nodebb

CWE

CWE-79

Yayın Tarihi

2025-04-18 18:15:48

Güncelleme

2025-04-23 17:24:54

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Nodebb MEDIUM Nodebb 2025

Referanslar

http://nodebb.com https://www.tonysec.com/posts/cve-2025-29513/

Benzer Kayıtlar

High

CVE-2025-50979

NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). The sear…

Medium

CVE-2025-29512

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and…

Medium

CVE-2024-57041

A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code…