6 matches found
EUVD-2025-13882
Malicious code in bioql PyPI...
CVE-2025-46824 Discourse Code Review Plugin vulnerable to XSS via auto link commits
The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin...
CVE-2025-46824
The CVE-2025-46824 entry concerns the Discourse Code Review Plugin. Before commit eed3a80, an attacker could cause arbitrary JavaScript execution in a user’s browser by clicking links to malicious GitHub commits, effectively enabling an XSS vector in Discourse code review workflows. The issue is ...
CVE-2025-46824 Discourse Code Review Plugin vulnerable to XSS via auto link commits
The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin...
CVE-2025-46824 Discourse Code Review Plugin vulnerable to XSS via auto link commits
The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin...
PT-2025-20284 · Discourse · Discourse Code Review Plugin
Name of the Vulnerable Software and Affected Versions: Discourse Code Review Plugin versions prior to commit eed3a80 Description: The issue allows an attacker to execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This is a problem with the Discourse Code...