2 matches found
BIT-DISCOURSE-2026-44785 Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user with access to the AI...
Stored Cross-Site Scripting Vulnerability in the "Reply to Post" Section of the StartBBS Lightweight Micro-Community System
StartBBS Lightweight Micro Community System is an elegant, open source, lightweight community system based on Thinkphp 5.15 & Layui, with its own article system. A stored cross-site scripting vulnerability exists in the "Reply to Post" section of StartBBS. An attacker can insert malicious js code...