psychobunny/nodebb-plugin-blog-comments
GitHub
Releases12
Frequency3 months 2 weeks
Last Release
Stars101
Lets NodeBB act as a comments engine/widget for your blog
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 6.8 MEDIUM | 4.3 MEDIUM | ||
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation. | |||