PT-2024-20113 · Discourse · Discourse

🗓️ 30 Jan 2024 00:00:00Reported by Positive TechnologiesType

Discourse cross site scripting happens when input is not sanitized and Content Security Policy is disabled.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-23834	30 Jan 202423:26	–	circl
CNNVD	Discourse 跨站脚本漏洞	30 Jan 202400:00	–	cnnvd
CNVD	Discourse cross-site scripting vulnerability (CNVD-2024-09871)	2 Feb 202400:00	–	cnvd
CVE	CVE-2024-23834	30 Jan 202421:31	–	cve
Cvelist	CVE-2024-23834 Discourse improperly sanitized user input leads to XSS	30 Jan 202421:31	–	cvelist
EUVD	EUVD-2024-21276	3 Oct 202520:07	–	euvd
NVD	CVE-2024-23834	30 Jan 202422:15	–	nvd
OpenVAS	Discourse < 3.1.5, 3.2.x < 3.2.0.beta5 XSS Vulnerability	5 Feb 202400:00	–	openvas
OSV	BIT-DISCOURSE-2024-23834 Discourse improperly sanitized user input leads to XSS	6 Mar 202410:51	–	osv
OSV	CVE-2024-23834 Discourse improperly sanitized user input leads to XSS	30 Jan 202421:31	–	osv

Source	Link
github	www.github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000
github	www.github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc
osv	www.osv.dev/vulnerability/BIT-discourse-2024-23834
meta	www.meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093
osv	www.osv.dev/vulnerability/CVE-2024-23834
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-23834
meta	www.meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094
t	www.t.me/cvenotify/69321
twitter	www.twitter.com/VulmonFeeds/status/1752477021660176470
twitter	www.twitter.com/RedPacketSec/status/1754083395661975951

06 Mar 2024 00:00Current

6Medium risk

Vulners AI Score6

CVSS 3.16.1 - 6.3

EPSS0.00513

SSVC