Julian Lam

5 exploits Active since Sep 2017
CVE-2015-3296 WRITEUP MEDIUM WRITEUP
NodeBB < 0.7 - Cross-Site Scripting via JavaScript or Data URLs
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.
CVSS 6.1
CVE-2020-15149 WRITEUP CRITICAL WRITEUP
NodeBB <1.14.3 - Privilege Escalation
NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to a privilege escalation event due via an account takeover. As a workaround you may cherry-pick the following commit from the project's repository to your running instance of NodeBB: 16cee1b03ba3eee177834a1fdac4aa8a12b39d2a. This is fixed in version 1.14.3.
CVSS 9.9
CVE-2022-36076 WRITEUP HIGH WRITEUP
NodeBB Forum Software - Info Disclosure
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2.
CVSS 8.8
CVE-2022-3978 WRITEUP MEDIUM WRITEUP
NodeBB < 2.5.8 - Cross-Site Request Forgery via /register/abort Endpoint
A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555.
CVSS 4.3
CVE-2023-30591 WRITEUP HIGH WRITEUP
NodeBB <= 2.8.10 - Unauthenticated Denial of Service via Crafted Socket.IO Messages
Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.
CVSS 7.5