Moderate severity · NVD Advisory · Published Aug 26, 2020 · Updated Aug 4, 2024
XSS due to lack of CSRF validation for replying/publishing
CVE-2020-15156
Description
In nodebb-plugin-blog-comments before version 0.7.0, a logged-in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to a lack of CSRF validation.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| nodebb-plugin-blog-comments (npm) | < 0.7.0 | 0.7.0 |
Affected products
- Range: < 0.7.0
References
- github.com/advisories/GHSA-43m5-c88r-cjvv (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-15156 (ghsa; ADVISORY)
- github.com/psychobunny/nodebb-plugin-blog-comments/commit/cf43beedb05131937ef46f365ab0a0c6fa6ac618 (ghsa; x_refsource_MISC; WEB)
- github.com/psychobunny/nodebb-plugin-blog-comments/security/advisories/GHSA-43m5-c88r-cjvv (ghsa; x_refsource_CONFIRM; WEB)
- www.npmjs.com/package/nodebb-plugin-blog-comments (ghsa; x_refsource_MISC; WEB)