CVE-2024-43408

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-43408

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43408.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-43408

Aliases

GHSA-9wx4-cmv3-g5jw

Published

2024-08-20T16:28:48.424Z

Modified

2026-04-02T12:18:21.928760Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator

Summary

Discourse Placeholder Forms has a XSS stopped by CSP

Details

Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43408.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Git / github.com/discourse/discourse-placeholder-theme-component

Affected ranges

Type: GIT
Repo: https://github.com/discourse/discourse-placeholder-theme-component
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a62f711d5600e4e5d86f342d52932cb6221672e7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43408.json"