NodeBB Cross-Site WebSocket Hijacking Vulnerability Allows User Information Extraction
CVE-2023-2850 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.
Learn more about our Web App Pen Testing.