Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability is fixed in 3.2.3 and 3.3.0.beta3.
History
Wed, 11 Sep 2024 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Discourse<br>Discourse discourse |
| CPEs | | cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*<br>cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:*<br>cpe:2.3:a:discourse:discourse:3.3.0:beta2:*:*:beta:*:*:* |
| Vendors & Products | | Discourse<br>Discourse discourse |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-07-30T14:10:24.804Z
Updated: 2024-08-02T03:50:55.188Z
Reserved: 2024-06-03T17:29:38.330Z
Link: CVE-2024-37165
Vulnrichment
Updated: 2024-08-02T03:50:55.188Z
NVD
Status: Analyzed
Published: 2024-07-30T15:15:11.617
Modified: 2024-09-11T13:52:20.730
Link: CVE-2024-37165
Redhat
No data.