PT-2024-20113 · Discourse · Discourse
Gingermanymph
·
Published
2024-01-30
·
Updated
2024-03-06
·
CVE-2024-23834
CVSS v3.1
6.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Discourse versions prior to 3.1.5
Discourse versions prior to 3.2.0.beta5
Description
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS issue in some situations. This issue only affects Discourse instances which have disabled the default Content Security Policy.
Recommendations
For versions prior to 3.1.5, update to version 3.1.5 or later.
For versions prior to 3.2.0.beta5, update to version 3.2.0.beta5 or later.
As a temporary workaround, ensure Content Security Policy is enabled and does not include
unsafe-inline.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Discourse