Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-10-16T21:05:31.991Z
Updated: 2024-09-16T15:51:43.554Z
Reserved: 2023-09-20T15:35:38.148Z
Link: CVE-2023-43659
Vulnrichment
Updated: 2024-08-02T19:44:43.790Z
NVD
Status: Analyzed
Published: 2023-10-16T22:15:12.237
Modified: 2023-10-19T17:56:26.263
Link: CVE-2023-43659