2 matches found
CVE-2023-43659
Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the...
CVE-2023-43659
Discourse contains a Cross-site Scripting (XSS) vulnerability in the digest email preview UI when CSP is disabled. Root cause: improper escaping of user input. Affected releases include Discourse 3.1.x (up to 3.1.1) and the 3.2.0.beta1 release. The issue does not require network exploitation deta...