
XSS due to lack of CSRF validation for replying/publishing

Moderate
psychobunny published GHSA-43m5-c88r-cjvv Aug 25, 2020

Package

npm nodebb-plugin-blog-comments (npm)

Affected versions

< 0.7.0

Patched versions

0.7.0

Description

Impact

Due to the lack of CSRF validation, a logged-in user is potentially vulnerable to an XSS attack, which could allow a third party to post on their behalf on the forum.

Patches

Upgrade to the latest version, v0.7.0.

Workarounds

If you cannot upgrade immediately, you can cherry-pick the following commit: cf43bee

References

Visit https://community.nodebb.org if you have any questions about this issue or on how to patch / upgrade your instance.

Severity

Moderate

CVE ID

CVE-2020-15156

Weaknesses

No CWEs

Credits