CVE-2023-43659

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.1.1 Discourse version 3.2.0.beta1 and earlier

Description Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled.

Recommendations For versions prior to 3.1.1, upgrade to version 3.1.1 or later. For version 3.2.0.beta1 and earlier, upgrade to a later version. As a temporary workaround, consider enabling CSP on the forum to minimize the risk of exploitation.