2 matches found
CVE-2022-31059
CVE-2022-31059 affects the Discourse Calendar plugin for Discourse. Before version 1.0.1, parsing and rendering of Event names can be vulnerable to cross-site scripting (XSS) attacks when a site has modified or disabled Discourse’s default Content Security Policy. The issue is patched in version ...
CVE-2024-21658
CVE-2024-21658 affects the discourse-calendar plugin for Discourse. The issue is an overly loose restriction on the region value length, which can cause a Discourse instance to consume excessive bandwidth and disk space. The vulnerability is fixed in the main branch; there are no public workaroun...