4 matches found
BIT-DISCOURSE-2026-33395 Discourse has stored click‑based XSS via Graphviz SVG javascript: links
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting XSS vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. For...
CVE-2026-33395
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting XSS vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. F...
CVE-2026-33395 Discourse has stored click‑based XSS via Graphviz SVG javascript: links
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting XSS vulnerability that allows authenticated users to inject malicious JavaScript code through DOT graph definitions. F...
Discourse 跨站脚本漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contained a cross-site scripting vulnerability. This vulnerability...