5 matches found
CVE-2023-32061
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other...
Discourse 3.1.x < 3.1.0.beta5 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescriptio...
Discourse < 3.0.4 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescriptio...
CVE-2023-32061
Discourse prior to v3.0.4 (stable) and v3.1.0.beta5 (beta/tests-passed) is vulnerable to iframe tag restriction bypass, allowing an attacker to hide subsequent comments. Root cause: lack of restrictions on the iframe tag in topic creation. Patched in v3.0.4 (stable) and v3.1.0.beta5 (beta/tests-p...
CVE-2023-32061 Discourse Topic Creation Page Allows iFrame Tag without Restrictions
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other...