CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1 matches found

OSV•added 2025/02/04 8:55 p.m.•2 views

CVE-2024-56328 HTMLi(XSS without CSP) via Onebox urls in Discourse

Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are...

6.5CVSS7AI score0.00147EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by