exploitDog

CVE-2025-29512

Опубликовано: 18 апр. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database.

Ссылки

http://nodebb.com
Product
https://www.tonysec.com/posts/cve-2025-29512/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*

Версия до 4.0.4 (включая)

EPSS

Процентиль: 15%

0.00048

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-gpg3-h2f7-7hcx

CVSS3: 6.1

github

10 месяцев назад

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database.

EPSS

Процентиль: 15%

0.00048

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79