Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML. This includes inviting someone (without an account) to a PM and inviting someone (without an account) to a topic with a custom message. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. This can be worked around if the relevant templates are overridden without `{topic_title}`.
Metrics
Affected Vendors & Products
References
History
Mon, 25 Aug 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:* cpe:2.3:a:discourse:discourse:3.5.0:-:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:3.5.0:beta1:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:3.5.0:beta2:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:3.5.0:beta3:*:*:beta:*:*:* cpe:2.3:a:discourse:discourse:3.5.0:beta4:*:*:beta:*:*:* |
Fri, 11 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Mon, 09 Jun 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 09 Jun 2025 12:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML. This includes inviting someone (without an account) to a PM and inviting someone (without an account) to a topic with a custom message. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. This can be worked around if the relevant templates are overridden without `{topic_title}`. | |
Title | Discourse vulnerable to HTML injection when inviting to topic via email | |
Weaknesses | CWE-116 CWE-79 |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-06-09T13:00:15.272Z
Reserved: 2025-05-15T16:06:40.941Z
Link: CVE-2025-48062

Updated: 2025-06-09T13:00:00.663Z

Status : Analyzed
Published: 2025-06-09T13:15:23.320
Modified: 2025-08-25T15:07:27.160
Link: CVE-2025-48062

No data.

Updated: 2025-06-24T09:44:14Z