The vulnerability stems from unsanitized user input: the 'aboutme' field was displayed in moderator views without escaping. The fix commit adds validator.escape() to Flags.getTarget in src/flags.js. Before the patch, this function returned the raw userData.aboutme content, which could contain unescaped HTML/JS. The template change in detail.tpl appears cosmetic; the core vulnerability was in the data retrieval layer, where user-controlled content was not sanitized before being passed to admin interfaces.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| nodebb | npm | < 3.11.1 | 3.11.1 |
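
The escaping fix described in the analysis above, shown as an added example that is not NodeBB's code: a data-layer function returning 'aboutme' raw next to one that escapes it, with a check that can back a regression test. The function names, the sample record and the view template are hypothetical, and `escapeHtml` is a local stand-in for validator.escape() so the block runs without dependencies.

```javascript
// Added illustration; not NodeBB source. All names below are hypothetical.

// Stand-in for validator.escape(): same character set, single pass.
const ENTITIES = {
  '&': '&amp;', '"': '&quot;', "'": '&#x27;', '<': '&lt;',
  '>': '&gt;', '/': '&#x2F;', '\\': '&#x5C;', '`': '&#96;',
};
function escapeHtml(value) {
  return String(value).replace(/[&"'<>\/\\`]/g, (ch) => ENTITIES[ch]);
}

// Constructed user record: the user fully controls `aboutme`.
const users = {
  7: { username: 'sample-user', aboutme: '<script>alert(1)</script> hi & bye' },
};

// "Before" shape: the data layer hands raw user text to the view.
function getTargetUnsafe(uid) {
  const userData = users[uid];
  if (!userData) return null;
  return { uid, username: userData.username, aboutme: userData.aboutme };
}

// "After" shape: escape where the data is retrieved, so every consumer
// of the returned object receives inert text.
function getTargetEscaped(uid) {
  const userData = users[uid];
  if (!userData) return null;
  return { uid, username: userData.username, aboutme: escapeHtml(userData.aboutme || '') };
}

// Hypothetical moderator view that interpolates the field without escaping.
function renderFlagDetail(target) {
  return `<div class="flag-target"><p>${target.aboutme}</p></div>`;
}

// Regression check: strip the view's own wrapper, then look for any tag
// opener that survived from user-supplied content.
function containsLiveMarkup(html) {
  const inner = html.replace(/^<div class="flag-target"><p>|<\/p><\/div>$/g, '');
  return /<[a-z!\/]/i.test(inner);
}

console.log('raw field reaches view as markup:', containsLiveMarkup(renderFlagDetail(getTargetUnsafe(7))));
console.log('escaped field reaches view as markup:', containsLiveMarkup(renderFlagDetail(getTargetEscaped(7))));
```

Escaping in the data layer means a template that also escapes the field would show doubled entities, so only one layer should own the encoding.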