IQID:11969 HTTP NodeBB Cross Site Scripting Vulnerability S

IQID: 11969 - October 2015

A non-persistent input validation web vulnerability has been discovered in the offical NodeBB v0.8.2 forum web-application. The security vulnerability allows remote attackers to manipulate client-side application to browser requests to compromise user session data. The vulnerability is located in the `url` values of the `outgoing` module. Remote attackers are able to inject malicious script codes to client-side browser to application requests. Remote attackers are able to prepare special crafted weblinks to execute client-side script code that compromises the src/controllers/index.js GET data. The execution of the script code occurs in the src/controllers/index.js module. The attack vector of the vulnerability is located on the client-side of the web-application and the request method to inject or execute the code is GET.

A Full Description is available for this threat, please sign in for access to Full Description.

 

Attack Data

Attack Data is available for this threat, please sign in for access to Attack Data.

 

CVSS Information

CVSS Information is available for this threat, please sign in for access to CVSS Information.

 

Date

Date Information is available for this threat, please sign in for access to Date Information.