Lucene search
GoogleOSV:BIT-DISCOURSE-2023-43659HistoryMar 06, 2024 - 10:54 a.m.
BIT-discourse-2023-43659
2024-03-0610:54:02
Google
osv.dev
3
open source
community discussion
xss
vulnerability
patched
upgrade
csp
Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.
| CPE | Name | Operator | Version |
|---|---|---|---|
| discourse | lt | 3.1.1 | |
| discourse | ge | 3.2.0-beta1 | |
| discourse | le | 3.2.0-beta1 |
Related
cve
cve
CVE-2023-43659
2023-10-16 22:15:12
osv
osv
BIT-2023-43659
2023-10-20 06:17:06
CVE-2023-43659
2023-10-16 22:15:12
prion
prion
Cross site scripting
2023-10-16 22:15:00
cvelist
cvelist
openvas
openvas
Discourse <= 3.1.1, 3.2.0.beta1 Multiple Vulnerabilities
2023-10-23 00:00:00
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
13.3%
Related for OSV:BIT-DISCOURSE-2023-43659