Lucene search
K

5 matches found

NVD
NVD
added 2026/03/19 11:16 p.m.7 views

CVE-2026-33395

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting XSS vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. F...

5.4CVSS0.00231EPSS
Exploits0References4
CVE
CVE
added 2026/03/19 10:33 p.m.9 views

CVE-2026-33395

Discourse, via the discourse-graphviz plugin, is affected by a stored XSS that can be triggered by authenticated users through DOT graph definitions. The issue is present in versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, with the vulnerability being mitigated by patches in those pat...

5.4CVSS5.7AI score0.00231EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 10:33 p.m.3 views

CVE-2026-33395 Discourse has stored click‑based XSS via Graphviz SVG javascript: links

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting XSS vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. F...

4.4CVSS5.7AI score0.00231EPSS
Exploits0References4
OSV
OSV
added 2024/03/18 8:26 p.m.1 views

GHSA-H2X6-5JX5-46HF RCE in TranformGraph().to_dot_graph function

Summary RCE due to improper input validation in TranformGraph.todotgraph function Details Due to improper input validation a malicious user can provide a command or a script file as a value to savelayout argument, which will be placed as the first value in a list of arguments passed to...

8.4CVSS6.1AI score0.01124EPSS
Exploits1References5
OSV
OSV
added 2024/03/18 7:15 p.m.3 views

UBUNTU-CVE-2023-41334

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.todotgraph function. A malicious user can provide a...

8.4CVSS7.8AI score0.01124EPSS
Exploits1References4
Rows per page
Query Builder