Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles via the quote message functionality when using the rich text editor. This issue is fixed in version 3.5.1.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 02 Oct 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Discourse
Discourse discourse
Vendors & Products Discourse
Discourse discourse

Wed, 01 Oct 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Oct 2025 19:00:00 +0000

Type Values Removed Values Added
Description Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles via the quote message functionality when using the rich text editor. This issue is fixed in version 3.5.1.
Title Discourse is vulnerable to XSS when quoting chat messages
Weaknesses CWE-80
References
Metrics cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-10-01T19:24:29.602Z

Reserved: 2025-08-22T14:30:32.221Z

Link: CVE-2025-58054

cve-icon Vulnrichment

Updated: 2025-10-01T19:04:03.917Z

cve-icon NVD

Status : Received

Published: 2025-10-01T19:15:36.150

Modified: 2025-10-01T19:15:36.150

Link: CVE-2025-58054

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-10-02T08:38:20Z