4 matches found
BIT-DISCOURSE-2026-27740 Discourse has Stored XSS in AI Triage Automation
Discourse is an open-source discussion platform. Versions prior to 2026.3.0, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interface withou...
CVE-2026-27740
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interfa...
CVE-2026-27740 Discourse has Stored XSS in AI Triage Automation
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interfa...
CVE-2026-27740
Discourse (open-source discussion platform) is affected by CVE-2026-27740. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 are vulnerable to stored XSS caused by trusting raw output from an AI Large Language Model and rendering it with htmlSafe in the Review Queue without adequate san...