nodebb-plugin-blog-comments

Releases80

Frequency1 month 2 weeks

Last Release over 1 year ago

NodeBB Blog Comments (Ghost / WP Commenting Engine)

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-15156 ↗	Aug 26, 2020Wednesday, 26 August 2020, 19:15	6.8 MEDIUM	4.3 MEDIUM
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation.