One Article Review
| Source |  CVE Liste |
|---|---|
| Identifiant | 8304605 |
| Date de publication | 2023-01-26 21:18:12 (vue: 2023-01-27 00:08:34) |
| Titre | CVE-2023-22468 |
| Texte | Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed), are vulnerable to cross-site Scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attacks on sites with disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. This vulnerability is patched in versions 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed). As a workaround, enable and/or restore your site's CSP to the default one provided with Discourse. |
| Notes | |
| Envoyé | Oui |
| Condensat | 0beta16 2023 22468 and/or are attacks beta beta16 can carry community content crafted cross csp cve default disabled discourse discussion enable included maliciously one open out overly passed patched permissive platform policy post prevents prior provided restore scripting security site sites source stable tests url versions vulnerability vulnerable workaround your |
| Tags | Vulnerability |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.