4 matches found
CVE-2023-22454
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...
CVE-2023-22454 Discourse vulnerable to Cross-site Scripting through pending post titles descriptions
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...
PT-2023-18510 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.14 on the stable branch; Discourse versions prior to 3.0.0.beta16 on the beta and tests-passed branches. Description: The issue concerns a cross-site scripting attack through pending post titles, which can be...
Discourse Cross-Site Scripting Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email and chat room features. Discourse suffers from a cross-site scripting vulnerability that stems from its pending post titles allowing an attacker to implement cross-site scripting. When a category has...