PT-2026-26705 · Discourse · Discourse
Jomaxro
·
Publicado
2026-03-20
·
Atualizado
2026-03-27
·
CVE-2026-33411
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 2026.3.0-latest.1
Discourse versions prior to 2026.2.1
Discourse versions prior to 2026.1.2
Description
Discourse, an open-source discussion platform, is affected by a potential stored Cross-Site Scripting (XSS) issue in topic titles within the solved posts stream. This allows for the injection of malicious scripts that can be executed in the context of other users' browsers.
Recommendations
Update to Discourse version 2026.3.0-latest.1 or later.
Update to Discourse version 2026.2.1 or later.
Update to Discourse version 2026.1.2 or later.
Ensure the Content Security Policy is enabled and has not been modified in a way that increases vulnerability to XSS attacks.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Discourse