VYPR
Medium severity6.1NVD Advisory· Published Sep 21, 2017· Updated Jun 17, 2026

CVE-2015-3296

CVE-2015-3296

Description

Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
nodebbnpm
< 0.700.70
nodebb-plugin-markdownnpm
< 5.1.15.1.1

Affected products

3

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.