PT-2025-26829 · Discourse · Discourse

Tgxworld

Published

2025-06-25

Updated

2025-08-25

CVE-2025-48954

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.5.0.beta6

Description: The issue is related to cross-site scripting when the content security policy is not enabled, specifically when using social logins.

Recommendations: For versions prior to 3.5.0.beta6, update to version 3.5.0.beta6 to resolve the issue. As a temporary workaround, enable the content security policy.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BIT-DISCOURSE-2025-48954

CVE-2025-48954

GHSA-26P5-MJJH-WFCF

Affected Products

Discourse

PT-2025-26829 · Discourse · Discourse

CVE-2025-48954

Weakness Enumeration

Related Identifiers

Affected Products

References · 11