Improper user input escaping led to Cross-site Scripting attacks in Discourse digest email preview UI, affecting sites with disabled CSP. Patched in 3.1.1 & 3.2.0.beta1 releases. Upgrade advised
Reporter | Title | Published | Views | Family All 8 |
---|---|---|---|---|
![]() | CVE-2023-43659 | 16 Oct 202322:15 | – | osv |
![]() | BIT-discourse-2023-43659 | 6 Mar 202410:54 | – | osv |
![]() | Cross site scripting | 16 Oct 202322:15 | – | prion |
![]() | CVE-2023-43659 Cross-site Scripting via email preview when CSP disabled in Discourse | 16 Oct 202321:05 | – | vulnrichment |
![]() | CVE-2023-43659 Cross-site Scripting via email preview when CSP disabled in Discourse | 16 Oct 202321:05 | – | cvelist |
![]() | CVE-2023-43659 | 16 Oct 202322:15 | – | nvd |
![]() | CVE-2023-43659 | 16 Oct 202322:15 | – | cve |
![]() | Discourse <= 3.1.1, 3.2.0.beta1 Multiple Vulnerabilities | 23 Oct 202300:00 | – | openvas |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo