Medium severity6.1NVD Advisory· Published Sep 21, 2017· Updated Jun 17, 2026
CVE-2015-3296
CVE-2015-3296
Description
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nodebbnpm | < 0.70 | 0.70 |
nodebb-plugin-markdownnpm | < 5.1.1 | 5.1.1 |
Affected products
3- ghsa-coords2 versions
< 0.70+ 1 more
- (no CPE)range: < 0.70
- (no CPE)range: < 5.1.1
Patches
Vulnerability mechanics
References
9- www.openwall.com/lists/oss-security/2015/04/10/10nvdMailing ListPatchThird Party AdvisoryWEB
- github.com/julianlam/nodebb-plugin-markdown/commit/ab7f2684750882f7baefbfa31db8d5aac71e6ec3nvdPatchThird Party Advisory
- www.securityfocus.com/bid/71824nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-9g4f-5rpg-4948ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-3296ghsaADVISORY
- github.com/NodeBB/NodeBB/issues/2273ghsaWEB
- github.com/NodeBB/nodebb-plugin-markdown/commit/ab7f2684750882f7baefbfa31db8d5aac71e6ec3ghsaWEB
- github.com/markdown-it/markdown-it/commit/f76d3beb46abd121892a2e2e5c78376354c214e3ghsaWEB
- web.archive.org/web/20200228230630/http://www.securityfocus.com/bid/71824ghsaWEB
News mentions
0No linked articles in our index yet.