CVE-2025-29512

MEDIUM

NodeBB < 4.0.4 - Stored Cross-Site Scripting via Blacklist IP Functionality

Title source: llm
STIX 2.1

Description

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database.

References (2)

Core 2
Core References

Scores

CVSS v3 6.1
EPSS 0.0023
EPSS Percentile 14.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
nodebb/nodebb < 4.0.4
Published Apr 18, 2025
Tracked Since Feb 18, 2026