Lucene search
K

4 matches found

OSV
OSV
added 2026/03/27 7:9 a.m.5 views

BIT-DISCOURSE-2026-27740 Discourse has Stored XSS in AI Triage Automation

Discourse is an open-source discussion platform. Versions prior to 2026.3.0, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interface withou...

6.1CVSS5.9AI score0.00324EPSS
Exploits0References5
NVD
NVD
added 2026/03/19 9:17 p.m.6 views

CVE-2026-27740

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interfa...

6.1CVSS0.00324EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/19 8:56 p.m.3 views

CVE-2026-27740 Discourse has Stored XSS in AI Triage Automation

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interfa...

5.1CVSS5.7AI score0.00324EPSS
Exploits0References4
CVE
CVE
added 2026/03/19 8:56 p.m.9 views

CVE-2026-27740

Discourse (open-source discussion platform) is affected by CVE-2026-27740. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 are vulnerable to stored XSS caused by trusting raw output from an AI Large Language Model and rendering it with htmlSafe in the Review Queue without adequate san...

6.1CVSS5.7AI score0.00324EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder