NodeBB Cross-Site WebSocket Hijacking Vulnerability Allows User Information Extraction

CVE-2023-2850 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.

Learn more about our Web App Pen Testing.