PT-2022-27779 · Discourse · Discourse-Bbcode
Jomaxro · Published 2022-11-30 · Updated 2023-07-07
CVE-2022-46162 · CVSS v3.1 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
discourse-bbcode, versions prior to commit 91478f5
Description
The issue affects Discourse sites with the discourse-bbcode plugin installed and enabled: content generated with the plugin allows CSS injection when it is rendered. As a workaround, enabling the Content Security Policy and monitoring posts that contain bbcode can help mitigate the issue.
Recommendations
Update discourse-bbcode to a version that includes the patch from commit 91478f5; all versions prior to that commit are affected.
As a temporary workaround, ensure that the Content Security Policy is enabled and monitor any posts that contain bbcode.
Vulnerability classes: Special Elements Injection, XSS
Related Identifiers: CVE-2022-46162
Affected Products: Discourse-Bbcode