CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-57041: A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section...

Description

A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile.

Classification

CVE ID: CVE-2024-57041

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.97% (scored less or equal to compared to others)

EPSS Date: 2025-02-21 (when was this score calculated)

References

http://nodebb.com
https://www.tonysec.com/posts/cve-2024-57041/
https://github.com/NodeBB/NodeBB/commit/4e69bff72fd04779064d37e46a43080e6c328adf

Timeline

2025-01-25 00:30:26 UTC
CVE

A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section...