Source: OSV (added 2026/03/27 7:09 a.m., 3 views)

BIT-DISCOURSE-2026-27570 Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. As a...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00347
Exploits: 0 | References: 5
Source: NVD (added 2026/03/19 9:17 p.m., 4 views)

CVE-2026-27570

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

CVSS: 6.1 | EPSS: 0.00347
Exploits: 0 | References: 4
Source: OSV (added 2026/03/19 8:52 p.m., 3 views)

CVE-2026-27570 Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

CVSS: 5.1 | AI score: 5.8 | EPSS: 0.00347
Exploits: 0 | References: 6
Source: Vulnrichment (added 2022/02/15 8:15 p.m., 6 views)

CVE-2022-23641 Denial of Service in Discourse

Discourse is an open-source discussion platform. In versions prior to 2.8.1 in the stable branch, 2.9.0.beta2 in the beta branch, and 2.9.0.beta2 in the tests-passed branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job triggers an...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.01141
Exploits: 0 | References: 3