BIT-DISCOURSE-2026-32243 Discourse: Stored XSS in discourse-ai shared conversations onebox
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted conversation titles. This payload would execute in the...
CVE-2026-32243
Discourse CVE-2026-32243 describes a stored XSS risk in shared AI conversations where crafted conversation titles could inject HTML/JS that runs in a user’s browser when viewing a onebox preview. Affected versions include 2026.1.0-latest up to but not including 2026.1.3, 2026.2.0-latest up to but...