Unrated severity · NVD Advisory · Published Jan 30, 2024 · Updated Oct 17, 2024
Discourse improperly sanitized user input leads to XSS
CVE-2024-23834
Description
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include unsafe-inline.
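As an added example (not from the advisory or the Discourse project), a small Python checker for the workaround stated above: it parses a Content-Security-Policy header, finds the directive that governs scripts (script-src, falling back to default-src), and reports whether the policy is missing, leaves scripts unrestricted, or lists 'unsafe-inline'. Any header strings fed to it here are constructed samples, not Discourse's actual policy.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Source expressions that make CSP2+ browsers ignore 'unsafe-inline' in the same directive.
NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


@dataclass
class CspFinding:
    present: bool                       # a CSP header was served at all
    governs_scripts: bool = False       # script-src or default-src is set
    effective_script_src: List[str] = field(default_factory=list)
    allows_unsafe_inline: bool = False  # 'unsafe-inline' listed, or scripts unrestricted
    has_nonce_or_hash: bool = False

    @property
    def workaround_in_place(self) -> bool:
        # The advisory's workaround: CSP enabled and no 'unsafe-inline' for scripts.
        return self.present and self.governs_scripts and not self.allows_unsafe_inline


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [sources]}; names are case-insensitive and
    only the first occurrence of a directive counts, as browsers do."""
    policy: Dict[str, List[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def check_csp(header: Optional[str]) -> CspFinding:
    if header is None or not header.strip():
        return CspFinding(present=False)  # CSP disabled: the configuration the advisory warns about
    policy = parse_csp(header)
    # script-src governs inline scripts; when it is absent, default-src is the fallback.
    if "script-src" in policy:
        sources = policy["script-src"]
    elif "default-src" in policy:
        sources = policy["default-src"]
    else:  # neither directive: the policy does not restrict scripts at all
        return CspFinding(present=True, governs_scripts=False, allows_unsafe_inline=True)
    lowered = [s.lower() for s in sources]
    return CspFinding(present=True, governs_scripts=True, effective_script_src=sources,
                      allows_unsafe_inline="'unsafe-inline'" in lowered,
                      has_nonce_or_hash=any(s.startswith(NONCE_OR_HASH_PREFIXES) for s in lowered))
```

`check_csp(resp.headers.get("Content-Security-Policy")).workaround_in_place` answers the advisory's question for a fetched response; `has_nonce_or_hash` is reported separately because a nonce or hash makes CSP2+ browsers ignore a co-listed 'unsafe-inline', but the advisory's workaround asks for it to be absent outright.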
Affected products
- Range: < 3.1.5
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000
- github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc
- meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094
- meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093
News mentions
No linked articles in our index yet.