Moderate severity · NVD Advisory · Published Aug 26, 2020 · Updated Aug 4, 2024

XSS due to lack of CSRF validation for replying/publishing

CVE-2020-15156

Description

In nodebb-plugin-blog-comments before version 0.7.0, a logged-in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to a lack of CSRF validation.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: nodebb-plugin-blog-comments (npm)
Affected versions: < 0.7.0
Patched versions: 0.7.0
