CVE-2023-43657
Summary: CVE-2023-43657 affects the discourse-encrypt plugin for Discourse. The issue is an improper escaping of encrypted topic titles that can lead to cross-site scripting (XSS) when CSP headers are disabled (a non-default configuration). The problem is addressed by commit 9c75810af9, included ...