Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Discourse is vulnerable to XSS when quoting chat messages
Vulnerability Description
Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles via the quote message functionality when using the rich text editor. This issue is fixed in version 3.5.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)
Vulnerability Title
Discourse 安全漏洞
Vulnerability Description
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.5.0及之前版本存在安全漏洞,该漏洞源于在使用富文本编辑器时,容易通过引用消息功能解析和呈现聊天频道标题和聊天线程标题,存在跨站脚本攻击风险。
CVSS Information
N/A
Vulnerability Type
N/A