CVE-2015-9286: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 1, 2019 (updated August 3, 2021)

Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.

References

github.com/NodeBB/NodeBB/compare/56b79a9...4de7529
github.com/NodeBB/NodeBB/pull/3371
github.com/advisories/GHSA-72fv-qgj6-2w2p
nvd.nist.gov/vuln/detail/CVE-2015-9286
vulners.com/securityvulns/SECURITYVULNS:DOC:32625
www.vulnerability-lab.com/get_content.php?id=1608

Code Behaviors & Features

Detect and mitigate CVE-2015-9286 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →