PT-2024-31556 · Discourse · Discourse Calendar Plugin

Pmusaraj · Published 2024-09-12 · Updated 2024-09-18 · CVE-2024-45303

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Discourse Calendar plugin versions prior to 0.5

Description: The Discourse Calendar plugin is susceptible to XSS attacks when rendering event names. This issue only affects sites that have modified or disabled Discourse's default Content Security Policy.

Recommendations: For versions prior to 0.5, update to version 0.5 of the Discourse Calendar plugin to resolve the issue. As a temporary workaround, consider restricting the rendering of event names or re-enabling Discourse's default Content Security Policy until the patch can be applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-45303
GHSA-RQ37-8PF3-4XC8

Affected Products

Discourse Calendar Plugin