Description

Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.

Remediation

References

https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529

https://github.com/NodeBB/NodeBB/pull/3371

https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625

https://www.vulnerability-lab.com/get_content.php?id=1608

Related Vulnerabilities

CVE-2020-7609 Vulnerability in npm package node-rules

CVE-2019-10793 Vulnerability in npm package dot-object

CVE-2023-30518 Vulnerability in maven package io.jenkins.plugins:thycotic-secret-server

CVE-2021-4306 Vulnerability in npm package terminal-kit

CVE-2023-22465 Vulnerability in maven package org.http4s:http4s-core_3

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Release Notes Third Party Advisory Patch Exploit