Количество 2
Количество 2
CVE-2021-43787
Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.
GHSA-wx69-rvg3-x7fc
XSS via prototype pollution in NodeBB
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-43787 Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. | CVSS3: 9 | 0% Низкий | около 4 лет назад |
| GHSA-wx69-rvg3-x7fc XSS via prototype pollution in NodeBB | CVSS3: 9 | 0% Низкий | около 4 лет назад |
Уязвимостей на страницу