Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability is fixed in 3.2.3 and 3.3.0.beta3.
History

Wed, 11 Sep 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Discourse
Discourse discourse
CPEs cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.3.0:beta2:*:*:beta:*:*:*
Vendors & Products Discourse
Discourse discourse

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-30T14:10:24.804Z

Updated: 2024-08-02T03:50:55.188Z

Reserved: 2024-06-03T17:29:38.330Z

Link: CVE-2024-37165

cve-icon Vulnrichment

Updated: 2024-08-02T03:50:55.188Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-30T15:15:11.617

Modified: 2024-09-11T13:52:20.730

Link: CVE-2024-37165

cve-icon Redhat

No data.