Description
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include unsafe-inline.
References
- Patch
- Vendor Advisory
- Release Notes, Vendor Advisory
- Release Notes, Vendor Advisory
Vulnerable configurations
Configuration 1
Version before 3.1.5 (excluding)
Version before 3.2.0 (excluding)
One of
cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*
cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta2:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta3:*:*:beta:*:*:*
cpe:2.3:a:discourse:discourse:3.2.0:beta4:*:*:beta:*:*:*
EPSS
Percentile: 60%
0.00392
Low
6.3 Medium
CVSS3
6.1 Medium
CVSS3
Weaknesses
CWE-79