|Package Slug|| |
Cross-Site Request Forgery (CSRF)
In the nodebb-plugin-blog-comments, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.
|Affected Versions|| |
All versions before 0.7.0
Upgrade to version 0.7.0 or above.
|Last Modified|| |