Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:BIT-2023-43659
HistoryOct 20, 2023 - 6:17 a.m.

BIT-2023-43659

2023-10-2006:17:06
Google
osv.dev
20
discourse
community discussion
cross-site scripting
csp
patch
upgrade

0.0004 Low

EPSS

Percentile

14.1%

JSON

Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.

Related

prion 1
osv 2
nvd 1
cve 1
cvelist 1
openvas 1
prion
prion
Cross site scripting
2023-10-16 22:15:00
osv
osv
CVE-2023-43659
2023-10-16 22:15:12
BIT-discourse-2023-43659
2024-03-06 10:54:02
nvd
nvd
CVE-2023-43659
2023-10-16 22:15:12
cve
cve
CVE-2023-43659
2023-10-16 22:15:12
cvelist
cvelist
CVE-2023-43659 Cross-site Scripting via email preview when CSP disabled in Discourse
2023-10-16 21:05:31
openvas
openvas
Discourse <= 3.1.1, 3.2.0.beta1 Multiple Vulnerabilities
2023-10-23 00:00:00

0.0004 Low

EPSS

Percentile

14.1%

JSON
Related for OSV:BIT-2023-43659
prion1osv2nvd1cve1cvelist1openvas1