CVE-2015-9286

NONE EPSS 68.2%
Published Apr 30, 20197y ago ยท Modified Jun 17, 20262w ago
Find Similar
Published Apr 30, 2019 7y ago
Last Modified Jun 17, 2026 2w ago

Description

Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.

Threat Intelligence

EPSS Exploit Probability
68.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
nodebbnodebb* <0.7.3

References 4

  • github.com https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529
    Release NotesThird Party Advisory
  • github.com https://github.com/NodeBB/NodeBB/pull/3371
    PatchThird Party Advisory
  • vulners.com https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625
    ExploitThird Party Advisory
  • vulnerability-lab.com https://www.vulnerability-lab.com/get_content.php?id=1608
    ExploitThird Party Advisory

Remediation

  • github.com https://github.com/NodeBB/NodeBB/pull/3371
    PatchThird Party Advisory