9 matches found
CVE-2025-54411
Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcomebanner.header.loggedinmembers site text to remove the...
BIT-DISCOURSE-2025-54411 Discourse welcome banner user name XSS
Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcomebanner.header.loggedinmembers site text to remove the...
CVE-2025-54411
Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcomebanner.header.loggedinmembers site text to remove the...
CVE-2025-54411
CVE-2025-54411 affects Discourse prior to 3.5.0.beta8, where the welcome_banner.header.logged_in_members and the logged-in user name string can cause cross-site scripting (XSS). The underlying issue is in the welcome banner user name string, enabling XSS that may impact the user or allow an admin...
CVE-2025-54411 Discourse welcome banner user name XSS
Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcomebanner.header.loggedinmembers site text to remove the...
CVE-2025-54411 Discourse welcome banner user name XSS
Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcomebanner.header.loggedinmembers site text to remove the...
PT-2025-33751 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.5.0.beta8 Description: Discourse, an open-source discussion platform, contains a cross-site scripting XSS issue in the welcome banner user name string for logged-in users. This can affect the user or an...
Discourse 跨站脚本漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability that stems from a cross-site scripting attack in which an unescaped username string is...
FTP Desktop 3.5 - Banner Parsing Buffer Overflow
FTP Desktop 3.5 - Banner Parsing Buffer Overflow source: https://www.securityfocus.com/bid/8559/info A buffer overflow vulnerability has been reported in FTP Desktop. The vulnerability occurs when FTP Desktop is parsing 'Welcome' banner 220 messages from remote FTP servers. When FTP Desktop...