CVE-2020-15156

MEDIUM

nodebb-plugin-blog-comments <0.7.0 - XSS

Title source: llm
STIX 2.1

Description

In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.

Scores

CVSS v3 6.8
EPSS 0.0062
EPSS Percentile 45.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Details

CWE
CWE-352
Status published
Products (2)
nodebb/blog_comments < 0.7.0
npm/nodebb-plugin-blog-comments 0 - 0.7.0npm
Published Aug 26, 2020
Tracked Since Feb 18, 2026