3 matches found
CVE-2023-29196 HTML injection via topic embedding in Discourse
Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an attacker succeeds in...
CVE-2023-29196 HTML injection via topic embedding in Discourse
Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an attacker succeeds in...
CVE-2023-29196
CVE-2023-29196 affects Discourse. Not exploitable on default install; a custom feature must be enabled and the attacker’s payload must pass CSP to run. If JavaScript passes CSP, it could enable session hijacking for users viewing the attacker’s post. The issue is patched in the latest tests-passe...