CVE-2024-57041: NodeBB Cross-site scripting (XSS) vulnerability

January 24, 2025 (updated February 7, 2025)

A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the ‘about me’ section of their profile.

References

github.com/NodeBB/NodeBB
github.com/NodeBB/NodeBB/commit/4e69bff72fd04779064d37e46a43080e6c328adf
github.com/advisories/GHSA-vqr3-vrrg-f3jh
nvd.nist.gov/vuln/detail/CVE-2024-57041
www.tonysec.com/posts/cve-2024-57041

Detect and mitigate CVE-2024-57041 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →