CNNVD-202506-3152 Information

CNNVD ID

CNNVD-202506-3152

Related CVE

CVE-2025-48954

• CNNVD Published: 2025-06-25

Description (Chinese)

Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.5.0.beta6之前版本存在跨站脚本漏洞，该漏洞源于未启用内容安全策略时可能导致跨站脚本攻击。

Description (English)

Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. The previous version of Discourse 3.5.0.beta6 had a cross-site script loophole, which stemmed from the risk of a cross-site script attack if the content security strategy was not activated.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

Diskover

Published

2025-06-25

Last Modified

2026-02-24

References

https://github.com/discourse/discourse/security/advisories/GHSA-26p5-mjjh-wfcf https://nvd.nist.gov/vuln/detail/CVE-2025-48954

Patch

https://github.com/discourse/discourse/tags