CVE-2020-15156

Summary

In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.

Affected Software

VendorProductVersion RangeStatus
psychobunnynodebb-plugin-blog-comments< 0.7.0affected

Weaknesses

  • CWE-352: CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References