Security Advisory

CVE-2020-15156

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-08-26 19:10:14

Last updated 2024-08-04 13:08:22

Assigner GitHub_M

State PUBLISHED

Description

In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.

← Browse all CVEs View on cve.org ↗