BIT-discourse-2021-41095
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2021-41095.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-discourse-2021-41095
- Aliases
- Published
- 2024-03-06T11:09:23.967Z
- Modified
- 2025-04-03T14:40:37.652Z
- Summary
- [none]
- Details
-
Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and earlier of the
stablebranch, versions 2.8.0.beta6 and earlier of thebetabranch, and versions 2.8.0.beta6 and earlier of thetests-passedbranch. Rendering of some error messages that contain user input can be susceptible to XSS attacks. This vulnerability only affects sites which have blocked watched words that contain HTML tags, modified or disabled Discourse's default Content Security Policy. This issue is patched in the lateststable,betaandtests-passedversions of Discourse. As a workaround, avoid modifying or disabling Discourse’s default Content Security Policy, and blocking watched words containing HTML tags. - Database specific
{ "cpes": [ "cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / discourse
Package
- Name
- discourse
- Purl
- pkg:bitnami/discourse
Severity
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected2.7.7Introduced2.8.0-beta1Last affected2.8.0-beta1Introduced2.8.0-beta2Last affected2.8.0-beta2Introduced2.8.0-beta3Last affected2.8.0-beta3Introduced2.8.0-beta4Last affected2.8.0-beta4Introduced2.8.0-beta5Last affected2.8.0-beta5Introduced2.8.0-beta6Last affected2.8.0-beta6