Описание
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches. There are no known workarounds.
Ссылки
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.3 (исключая)Версия до 3.2.0 (исключая)
Одно из
cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*
EPSS
Процентиль: 94%
0.1184
Средний
5.3 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-74
CWE-79
EPSS
Процентиль: 94%
0.1184
Средний
5.3 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-74
CWE-79