Cross-Site Request Forgery (CSRF)
In nodebb-plugin-blog-comments, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.
Advisories for Npm/Nodebb-Plugin-Blog-Comments package
2020