Описание
Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the tests-passed branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the tests-passed branch. There are no known workarounds.
Ссылки
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:discourse:discourse:3.1.0:beta2:*:*:beta:*:*:*
EPSS
Процентиль: 44%
0.00213
Низкий
6.5 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
EPSS
Процентиль: 44%
0.00213
Низкий
6.5 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79