Lucene search
PRIOn knowledge basePRION:CVE-2023-22468HistoryJan 26, 2023 - 9:18 p.m.
Cross site scripting
2023-01-2621:18:00
PRIOn knowledge base
www.prio-n.com
4
open source
community discussion
vulnerability
cross-site scripting
csp
discourse
0.001 Low
EPSS
Percentile
21.0%
Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed), are vulnerable to cross-site Scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attacks on sites with disabled or overly permissive CSP (Content Security Policy). Discourse’s default CSP prevents this vulnerability. This vulnerability is patched in versions 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed). As a workaround, enable and/or restore your site’s CSP to the default one provided with Discourse.
Related
cvelist
cvelist
osv
osv
BIT-discourse-2023-22468
2024-03-06 11:01:29
CVE-2023-22468
2023-01-26 21:18:12
cve
cve
CVE-2023-22468
2023-01-26 21:18:12
nvd
nvd
CVE-2023-22468
2023-01-26 21:18:12
openvas
openvas
Discourse 3.1.x < 3.1.0.beta2 Multiple Vulnerabilities
2023-01-27 00:00:00
Discourse < 3.0.1 Multiple Vulnerabilities
2023-01-27 00:00:00