Lucene search

K
nvd[email protected]NVD:CVE-2023-32061
HistoryJun 13, 2023 - 10:15 p.m.

CVE-2023-32061

2023-06-1322:15:09
CWE-863
web.nvd.nist.gov
discourse
platform
iframe
vulnerability
patched

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

19.8%

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches. There are no known workarounds.

Affected configurations

NVD
Node
discoursediscourseRange<3.0.4stable
OR
discoursediscourseMatch3.1.0beta1beta
OR
discoursediscourseMatch3.1.0beta2beta
OR
discoursediscourseMatch3.1.0beta3beta
OR
discoursediscourseMatch3.1.0beta4beta

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

19.8%

Related for NVD:CVE-2023-32061