Discourse · Discourse · CVE-2022-46148
**Name of the Vulnerable Software and Affected Versions**
Discourse versions 2.8.10 and prior
Discourse versions 2.9.0.beta11 and prior
**Description**
Discourse is an open-source messaging platform. A user who composes a malicious message and then navigates to the drafts page can trigger a self-XSS: the injected script runs only in that user's own browser. On sites that run Discourse's default Content Security Policy the impact stays limited to self-XSS; on sites that have modified or disabled the default CSP, the same issue can lead to a full XSS.
**Recommendations**
For versions 2.8.10 and prior, update to the latest stable version of Discourse.
For versions 2.9.0.beta11 and prior, update to the latest beta or tests-passed version of Discourse.
As a temporary workaround, consider restricting access to the drafts page until the update can be applied.
Keep Discourse's default Content Security Policy in place: the self-XSS only escalates to a full XSS on sites that have modified or disabled it, so a custom or disabled CSP is what turns this into an exploitable issue.
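The recommendation above hinges on whether a site's Content Security Policy still constrains script execution. The following is an added example, not code from Discourse or from this advisory: a small checker that parses a CSP header value and reports whether inline or arbitrary-origin script could run, which is the property that decides whether a self-XSS can escalate. The policy strings in it are constructed for illustration and are not Discourse's actual default CSP; the function names (`parse_csp`, `assess_script_policy`) are this example's own.

```python
"""Check whether a Content-Security-Policy header still constrains script
execution (added example; not Discourse's code). The sample policies below
are constructed and are not Discourse's real default CSP."""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class CspReport:
    # Which directive governed script loading, or None if neither was present.
    script_directive: str | None
    sources: list[str] = field(default_factory=list)
    weaknesses: list[str] = field(default_factory=list)

    @property
    def blocks_inline_script(self) -> bool:
        return not self.weaknesses


def parse_csp(header: str | None) -> dict[str, list[str]]:
    """Parse a CSP header value into {directive: [source, ...]}.

    Directive names are case-insensitive and, as in the CSP spec, the first
    occurrence of a directive wins; later duplicates are ignored.
    """
    policy: dict[str, list[str]] = {}
    if not header:
        return policy
    for raw in header.split(";"):
        tokens = raw.split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def assess_script_policy(header: str | None) -> CspReport:
    """Report whether the policy stops attacker-supplied script.

    Simplified CSP Level 3 rules:
      * no header, or neither script-src nor default-src: script is unrestricted
      * 'unsafe-inline' without a nonce or hash: inline script is allowed
      * '*' or a bare scheme such as https: : script may load from any host
    """
    policy = parse_csp(header)
    if "script-src" in policy:
        directive, sources = "script-src", policy["script-src"]
    elif "default-src" in policy:
        directive, sources = "default-src", policy["default-src"]
    else:
        return CspReport(None, [], ["no script-src or default-src: script execution is unrestricted"])

    report = CspReport(directive, list(sources))
    lowered = [s.lower().strip("'") for s in sources]
    # Browsers that understand nonces/hashes ignore 'unsafe-inline' when one is present.
    has_nonce_or_hash = any(
        s.startswith(("nonce-", "sha256-", "sha384-", "sha512-")) for s in lowered
    )
    if "unsafe-inline" in lowered and not has_nonce_or_hash:
        report.weaknesses.append(f"{directive} allows 'unsafe-inline' with no nonce or hash")
    if "*" in lowered:
        report.weaknesses.append(f"{directive} allows '*'")
    for s in lowered:
        if s in ("http:", "https:", "data:"):
            report.weaknesses.append(f"{directive} allows the bare scheme {s}")
    return report


# Constructed sample policies (illustrative only, not Discourse's defaults).
STRICT_CSP = (
    "base-uri 'none'; object-src 'none'; "
    "script-src 'self' https://cdn.example.com; frame-ancestors 'self'"
)
WEAKENED_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline'"
DISABLED_CSP = None  # site has turned the CSP off entirely


if __name__ == "__main__":
    for label, csp in (("strict", STRICT_CSP), ("weakened", WEAKENED_CSP), ("disabled", DISABLED_CSP)):
        r = assess_script_policy(csp)
        verdict = "self-XSS stays self-XSS" if r.blocks_inline_script else "self-XSS can escalate"
        print(f"{label:9s} {verdict}: {r.weaknesses or 'no weaknesses found'}")
```

Run it against the `Content-Security-Policy` header your site actually serves (for example, copied from the browser's network panel); a report with any weakness listed means the mitigation the advisory relies on is no longer in effect. The checker is deliberately conservative and does not model `strict-dynamic` or `report-only` headers.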