2 matches found
CVE-2026-27154
creationtimestamp| type| source ---|---|--- 2026-02-26 22:29:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfsanzhygr2e...
CVE-2026-27154
Discourse contains an XSS flaw in which a user’s full name can be evaluated as raw HTML when display_name_on_posts is true and prioritize_username_in_ux is false. The issue occurs when editing a post by a malicious user, potentially triggering XSS. Affected versions include prior to 2025.12.2, 20...