CVE-2023-43657
discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting XSS issue when a site has content security policy CSP headers disabled. Having CSP disabled is a non-default configuration...