Vulnerability Database

296,760

Total vulnerabilities in the database

CVE-2025-29513

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator.

Published: Apr 18, 2025
Updated: Apr 30, 2025
CVE: CVE-2025-29513
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
nodebb / nodebb	-	4.0.4.x

http://nodebb.com
https://www.tonysec.com/posts/cve-2025-29513/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo