BIT-DISCOURSE-2023-25172 Discourse vulnerable to Cross-site Scripting - user name displayed on post

Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, a maliciously crafted URL can be included in a user's full name field to to carry out cross-site scripting attacks on sites with a disabled o...

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A security vulnerability exists in Discourse versions prior to 3.0.1 stable, 3.1.0.beta2 beta and test-passed. An attacker exploited the vulnerability to cause a regular...