CVE-2023-22455

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-22455
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-22455.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-22455
Aliases
Published
2023-01-05T20:02:40.608Z
Modified
2025-11-29T13:53:24.822192Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Discourse vulnerable to Cross-site Scripting through tag descriptions
Details

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. Versions 2.8.14 and 3.0.0.beta16 contain a patch.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/22xxx/CVE-2023-22455.json",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type
GIT
Repo
https://github.com/discourse/discourse
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
df6d323bd187746e254538c81ed29181efc2abe3

Affected versions

v0.*

v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.2.5
v0.9.2.6
v0.9.3
v0.9.3.5
v0.9.4
v0.9.5
v0.9.5.1
v0.9.5.2
v0.9.6
v0.9.6.1
v0.9.6.2
v0.9.6.3
v0.9.6.4
v0.9.7
v0.9.7.1
v0.9.7.2
v0.9.7.3
v0.9.7.4
v0.9.7.5
v0.9.7.6
v0.9.7.7
v0.9.7.8
v0.9.7.9
v0.9.8
v0.9.8.1
v0.9.8.10
v0.9.8.11
v0.9.8.2
v0.9.8.3
v0.9.8.4
v0.9.8.5
v0.9.8.6
v0.9.8.7
v0.9.8.8
v0.9.8.9
v0.9.9.1
v0.9.9.10
v0.9.9.11
v0.9.9.12
v0.9.9.13
v0.9.9.14
v0.9.9.15
v0.9.9.16
v0.9.9.17
v0.9.9.18
v0.9.9.2
v0.9.9.3
v0.9.9.4
v0.9.9.5
v0.9.9.6
v0.9.9.7
v0.9.9.8
v0.9.9.9

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.1.0.beta2
v1.1.0.beta3
v1.1.0.beta4
v1.1.0.beta5
v1.1.0.beta6
v1.1.0.beta6b
v1.1.0.beta7
v1.1.0.beta8
v1.1.1
v1.1.2
v1.1.3
v1.2.0
v1.2.0.beta1
v1.2.0.beta2
v1.2.0.beta3
v1.2.0.beta4
v1.2.0.beta5
v1.2.0.beta6
v1.2.0.beta7
v1.2.0.beta8
v1.2.0.beta9
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3.0
v1.3.0.beta1
v1.3.0.beta10
v1.3.0.beta11
v1.3.0.beta2
v1.3.0.beta3
v1.3.0.beta4
v1.3.0.beta5
v1.3.0.beta6
v1.3.0.beta7
v1.3.0.beta9
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.4.0
v1.4.0.beta1
v1.4.0.beta10
v1.4.0.beta11
v1.4.0.beta12
v1.4.0.beta2
v1.4.0.beta3
v1.4.0.beta4
v1.4.0.beta5
v1.4.0.beta6
v1.4.0.beta7
v1.4.0.beta8
v1.4.0.beta9
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.5.0
v1.5.0.beta1
v1.5.0.beta10
v1.5.0.beta11
v1.5.0.beta12
v1.5.0.beta13
v1.5.0.beta13b
v1.5.0.beta14
v1.5.0.beta2
v1.5.0.beta3
v1.5.0.beta4
v1.5.0.beta5
v1.5.0.beta6
v1.5.0.beta7
v1.5.0.beta8
v1.5.0.beta9
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.6.0
v1.6.0.beta1
v1.6.0.beta10
v1.6.0.beta11
v1.6.0.beta12
v1.6.0.beta2
v1.6.0.beta3
v1.6.0.beta4
v1.6.0.beta5
v1.6.0.beta6
v1.6.0.beta7
v1.6.0.beta8
v1.6.0.beta9
v1.6.1
v1.6.10
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.0.beta1
v1.7.0.beta10
v1.7.0.beta11
v1.7.0.beta2
v1.7.0.beta3
v1.7.0.beta4
v1.7.0.beta5
v1.7.0.beta6
v1.7.0.beta7
v1.7.0.beta8
v1.7.0.beta9
v1.7.1
v1.7.10
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.8.0
v1.8.0.beta1
v1.8.0.beta10
v1.8.0.beta11
v1.8.0.beta12
v1.8.0.beta13
v1.8.0.beta2
v1.8.0.beta3
v1.8.0.beta4
v1.8.0.beta5
v1.8.0.beta6
v1.8.0.beta7
v1.8.0.beta8
v1.8.0.beta9
v1.8.1
v1.8.10
v1.8.11
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.8.9
v1.9.0
v1.9.0.beta1
v1.9.0.beta10
v1.9.0.beta11
v1.9.0.beta12
v1.9.0.beta13
v1.9.0.beta14
v1.9.0.beta15
v1.9.0.beta16
v1.9.0.beta17
v1.9.0.beta2
v1.9.0.beta3
v1.9.0.beta4
v1.9.0.beta5
v1.9.0.beta6
v1.9.0.beta7
v1.9.0.beta8
v1.9.0.beta9
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7

v2.*

v2.0.0
v2.0.0.beta1
v2.0.0.beta10
v2.0.0.beta2
v2.0.0.beta3
v2.0.0.beta4
v2.0.0.beta5
v2.0.0.beta6
v2.0.0.beta7
v2.0.0.beta8
v2.0.0.beta9
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.1.0
v2.1.0.beta1
v2.1.0.beta2
v2.1.0.beta3
v2.1.0.beta4
v2.1.0.beta5
v2.1.0.beta6
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.2.0
v2.2.0.beta1
v2.2.0.beta10
v2.2.0.beta2
v2.2.0.beta3
v2.2.0.beta4
v2.2.0.beta5
v2.2.0.beta6
v2.2.0.beta7
v2.2.0.beta8
v2.2.0.beta9
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.3.0
v2.3.0.beta1
v2.3.0.beta10
v2.3.0.beta11
v2.3.0.beta2
v2.3.0.beta3
v2.3.0.beta4
v2.3.0.beta5
v2.3.0.beta6
v2.3.0.beta7
v2.3.0.beta8
v2.3.0.beta9
v2.3.1
v2.3.10
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.0.beta1
v2.4.0.beta10
v2.4.0.beta11
v2.4.0.beta2
v2.4.0.beta3
v2.4.0.beta4
v2.4.0.beta5
v2.4.0.beta6
v2.4.0.beta7
v2.4.0.beta8
v2.4.0.beta9
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.5.0
v2.5.0.beta1
v2.5.0.beta2
v2.5.0.beta3
v2.5.0.beta4
v2.5.0.beta5
v2.5.0.beta6
v2.5.0.beta7
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.6.0
v2.6.0.beta1
v2.6.0.beta2
v2.6.0.beta3
v2.6.0.beta4
v2.6.0.beta5
v2.6.0.beta6
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.7.0
v2.7.0.beta1
v2.7.0.beta2
v2.7.0.beta3
v2.7.0.beta4
v2.7.0.beta5
v2.7.0.beta6
v2.7.0.beta7
v2.7.0.beta8
v2.7.0.beta9
v2.7.1
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.0.beta1
v2.8.0.beta10
v2.8.0.beta11
v2.8.0.beta2
v2.8.0.beta3
v2.8.0.beta4
v2.8.0.beta5
v2.8.0.beta6
v2.8.0.beta7
v2.8.0.beta8
v2.8.0.beta9
v2.8.1
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-22455.json"