Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-48954 PoC — Discourse 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-48954.yaml
Associated Vulnerability
Title:Discourse 跨站脚本漏洞 (CVE-2025-48954)
Description:Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.5.0.beta6之前版本存在跨站脚本漏洞,该漏洞源于未启用内容安全策略时可能导致跨站脚本攻击。
Description
Discourse versions prior to 3.5.0.beta6 contain a stored Cross-Site Scripting (XSS) vulnerability in the OAuth/social login functionality. The vulnerability is caused by lack of proper content security policy enforcement when processing social login failures,allowing remote attackers to inject and execute malicious scripts in users' browsers.
File Snapshot

 id: CVE-2025-48954

info:
  name: Discourse OAuth Social Login - Cross-site Scripting
  author: ferr

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.