CVE-2025-29513 Information

Description

Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator.

Reference

http://nodebb.com https://www.tonysec.com/posts/cve-2025-29513/