PT-2025-33751 · Discourse · Discourse

Tgxworld · Published 2025-08-19 · Updated 2025-08-21 · CVE-2025-54411

CVSS v4.0: 2.4 (Low)
Vector: AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.5.0.beta8
Description: Discourse, an open-source discussion platform, contains a cross-site scripting (XSS) issue in the welcome banner user name string for logged-in users. This can affect the user or an administrator impersonating them.
Recommendations: Update to version 3.5.0.beta8 or later. As a temporary workaround, administrators can alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder. Administrators can also avoid impersonating any users for the time being.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-DISCOURSE-2025-54411
CVE-2025-54411
GHSA-5MM6-J5VQ-6884

Affected Products

Discourse