PT-2023-30322 · Discourse · Discourse

0Xmokusou

Publicado

2023-11-10

Atualizado

2024-03-06

CVE-2023-47119

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.1.3 Discourse version 3.2.0.beta3 and earlier of the beta and tests-passed branches

Description Discourse is an open source platform for community discussion. The issue allows some links to inject arbitrary HTML tags when rendered through the Onebox engine. There are no known workarounds.

Recommendations For versions prior to 3.1.3, update to version 3.1.3 or later of the stable branch. For version 3.2.0.beta3 and earlier of the beta and tests-passed branches, update to version 3.2.0.beta3 or later.

Exploit

Correção

Special Elements Injection

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-79

Identificadores relacionados

BIT-DISCOURSE-2023-47119

CVE-2023-47119

GHSA-J95W-5HVX-JP5W

Produtos afetados

Discourse

PT-2023-30322 · Discourse · Discourse

CVE-2023-47119

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12