PT-2021-21748 · Discourse · Discourse

Bananabr · Published 2021-08-09 · Updated 2024-03-06 · CVE-2021-37633

CVSS v3.1: 7.4 High
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.8

Description: The issue affects Discourse, an open source discussion platform, where rendering of d-popover tooltips can be susceptible to XSS attacks in versions prior to 2.7.8. This vulnerability only affects sites that have modified or disabled Discourse's default Content Security Policy.

Recommendations: For versions prior to 2.7.8, update to the latest stable version 2.7.8 to resolve the issue. As a temporary workaround, ensure that the Content Security Policy is enabled and has not been modified in a way that would make it more vulnerable to XSS attacks.

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2021-37633
CVE-2021-37633
GHSA-V3V8-3M5W-PJP9

Affected Products

Discourse