PT-2021-19913 · Discourse · Discourse

Davidtaylorhq · Published 2021-07-15 · Updated 2024-03-06 · CVE-2021-32764

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Discourse versions 2.7.5 and prior
Description: Discourse is an open-source discussion platform. The parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks in versions where the default Content Security Policy has been modified or disabled.
Recommendations: For versions 2.7.5 and prior, update to stable version 2.7.6, beta version 2.8.0.beta3, or tests-passed version 2.8.0.beta3 to resolve the issue. As a temporary workaround, ensure that the Content Security Policy is enabled and has not been modified in a way that would make it more vulnerable to XSS attacks.
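The two checks the recommendations above ask an operator to make (is the running version in the affected range, and has the CSP been disabled or weakened in a way that lets injected script run) can be scripted. The following Ruby is an added example, not Discourse's own code or anything shipped with the advisory. It assumes the fixed versions quoted above (2.7.6 for the stable line, 2.8.0.beta3 for the beta and tests-passed lines) and takes response headers as a plain Hash; the sample header sets are constructed for illustration and are not Discourse's actual default policy.

```ruby
require "rubygems" # Gem::Version ships with Ruby; explicit for clarity

# Assumed reading of the advisory's fix lines (example, not Discourse code):
# 2.7.6 fixes the stable line, 2.8.0.beta3 fixes beta/tests-passed.
STABLE_FIX = Gem::Version.new("2.7.6")
BETA_FIX   = Gem::Version.new("2.8.0.beta3")

# True when a Discourse version string falls in the affected range.
# Prerelease strings such as "2.8.0.beta2" sort above 2.7.6, so they are
# compared against the beta fix instead of the stable one.
def affected_version?(version_string)
  v = Gem::Version.new(version_string)
  return v < BETA_FIX if v.prerelease?
  v < STABLE_FIX
end

# Parse a Content-Security-Policy header value into { directive => [sources] }.
def parse_csp(header)
  header.split(";").each_with_object({}) do |part, directives|
    name, *sources = part.strip.split(/\s+/)
    next if name.nil? || name.empty?
    directives[name.downcase] = sources.map(&:downcase)
  end
end

# Script sources that let attacker-controlled markup execute script,
# which is exactly what an XSS in onebox rendering needs.
WEAK_SCRIPT_SOURCES = ["'unsafe-inline'", "'unsafe-eval'", "*", "https:", "http:", "data:"].freeze

# Returns a list of findings for one set of response headers.
# An empty list means the policy is enforced and script-src is not obviously weakened.
def csp_findings(headers)
  enforced    = headers["Content-Security-Policy"]
  report_only = headers["Content-Security-Policy-Report-Only"]
  findings = []

  if enforced.nil?
    findings << (report_only ? "CSP is report-only, not enforced" : "no Content-Security-Policy header")
    return findings
  end

  directives = parse_csp(enforced)
  script = directives["script-src"] || directives["default-src"] # script-src falls back to default-src
  if script.nil?
    findings << "no script-src or default-src directive"
    return findings
  end

  weak = script & WEAK_SCRIPT_SOURCES
  # CSP Level 3 browsers ignore 'unsafe-inline' when a nonce or hash source is present,
  # so only report it when no such source exists.
  if script.any? { |s| s.match?(/\A'(nonce|sha(256|384|512))-/) }
    weak.delete("'unsafe-inline'")
  end
  findings << "script-src permits #{weak.join(' ')}" unless weak.empty?
  findings
end

# Constructed sample header sets (not Discourse's real default policy).
SAMPLE_HEADERS = {
  intact:      { "Content-Security-Policy" => "base-uri 'none'; object-src 'none'; script-src https://forum.example/assets/ https://forum.example/brotli_asset/; worker-src 'self' blob:" },
  weakened:    { "Content-Security-Policy" => "default-src 'self'; script-src 'self' 'unsafe-inline' *" },
  report_only: { "Content-Security-Policy-Report-Only" => "script-src 'self'" },
  disabled:    {},
}.freeze

# Combine both checks into one verdict for a site.
def audit(version_string, headers)
  { affected_version: affected_version?(version_string), csp: csp_findings(headers) }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_HEADERS.each do |label, headers|
    puts "#{label}: #{audit('2.7.5', headers).inspect}"
  end
end
```

Run against a live site by filling the Hash from the response to an HTTPS GET of the forum root; a version at or above the fixed releases with an empty findings list is the state the advisory asks for, and any finding on an affected version means the workaround is not actually in place.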

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2021-32764
CVE-2021-32764
GHSA-9X4C-29XG-56HW

Affected Products

Discourse