CVE-2024-23834

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-23834
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23834.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-23834
Aliases
Published
2024-01-30T21:31:35.617Z
Modified
2026-04-16T03:47:12.504053Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
Discourse improperly sanitized user input leads to XSS
Details

Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include unsafe-inline.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23834.json",
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/discourse/discourse

Affected ranges

Type
GIT
Repo
https://github.com/discourse/discourse
Events
Introduced
a9cc379121e30f86128677c71dbb42c30100598a
Fixed
b2b1e721b5ef194cc01c17ca06be86b8c88e88e1

Affected versions

v3.*
v3.2.0.beta1
v3.2.0.beta2
v3.2.0.beta3
v3.2.0.beta4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23834.json"