4 matches found
EUVD-2025-2877
Malicious code in bioql PyPI...
CVE-2025-22602
Discourse vulnerability CVE-2025-22602: Stored DOM-based XSS via video placeholders in Discourse posts can allow arbitrary JavaScript execution in users’ browsers when CSP is disabled. Descriptions across multiple sources confirm the issue is triggered by a malicious video placeholder HTML elemen...
CVE-2025-22602 Stored DOM-based XSS (without CSP) via video placeholders in Discourse
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest...
Discourse 跨站脚本漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability that originates from an attacker being able to execute arbitrary JavaScript code on a...