8 matches found
CVE-2025-22602
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest...
Discourse < 3.3.4 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
CVE-2025-22602
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest...
CVE-2025-22602
creationtimestamp| type| source ---|---|--- 2025-02-04 20:57:02+00:00| seen| https://infosec.exchange/users/cve/statuses/113947615005883636 2025-02-04 21:16:14+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhey4gc3o62t 2025-02-04 22:23:40+00:00| seen|...
CVE-2025-22602
Discourse vulnerability CVE-2025-22602: Stored DOM-based XSS via video placeholders in Discourse posts can allow arbitrary JavaScript execution in users’ browsers when CSP is disabled. Descriptions across multiple sources confirm the issue is triggered by a malicious video placeholder HTML elemen...
CVE-2025-22602 Stored DOM-based XSS (without CSP) via video placeholders in Discourse
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest...
CVE-2025-22602 Stored DOM-based XSS (without CSP) via video placeholders in Discourse
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest...
CVE-2025-22602 Stored DOM-based XSS (without CSP) via video placeholders in Discourse
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest...