Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-16T21:05:31.991Z

Updated: 2024-09-16T15:51:43.554Z

Reserved: 2023-09-20T15:35:38.148Z

Link: CVE-2023-43659

cve-icon Vulnrichment

Updated: 2024-08-02T19:44:43.790Z

cve-icon NVD

Status : Analyzed

Published: 2023-10-16T22:15:12.237

Modified: 2023-10-19T17:56:26.263

Link: CVE-2023-43659

cve-icon Redhat

No data.