CVE-2024-57041
Published 2025-01-24
CVE-2024-57041: A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their…
Priority P432 · medium · 4.6 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS
26.08%
97.7th percentile
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nodebb | nodebb | — | — |
| nodebb | nodebb | >= 0 < 3.11.1 | 3.11.1 |
GHSA
NodeBB Cross-site scripting (XSS) vulnerability
ghsa·2025-01-24
CVE-2024-57041 [MEDIUM] CWE-79 NodeBB Cross-site scripting (XSS) vulnerability
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile.
OSV
NodeBB Cross-site scripting (XSS) vulnerability
osv·2025-01-24
CVE-2024-57041 [MEDIUM] NodeBB Cross-site scripting (XSS) vulnerability
A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-01-24
Published