CVE-2023-47119

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.1.3 Discourse version 3.2.0.beta3 and earlier of the beta and tests-passed branches

Description Discourse is an open source platform for community discussion. The issue allows some links to inject arbitrary HTML tags when rendered through the Onebox engine. There are no known workarounds.

Recommendations For versions prior to 3.1.3, update to version 3.1.3 or later of the stable branch. For version 3.2.0.beta3 and earlier of the beta and tests-passed branches, update to version 3.2.0.beta3 or later.

Exploit

Fix

Special Elements Injection

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-79

Related Identifiers

BIT-DISCOURSE-2023-47119

CVE-2023-47119

GHSA-J95W-5HVX-JP5W

Affected Products

Discourse

CVE-2023-47119

Weakness Enumeration

Related Identifiers

Affected Products

References · 12