Identifier

CVE-2020-15156

Package Slug

npm/nodebb

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

In nodebb-plugin-blog-comments, a logged-in user is vulnerable to an XSS attack that could allow a third party to post on the forum on their behalf. This is due to a lack of CSRF validation.

Affected Versions

All versions before 0.7.0

Solution

Upgrade to version 0.7.0 or above.

Last Modified

2020-09-03
