CNNVD-202508-2182 Information
CNNVD ID
CNNVD-202508-2182
Related CVE
- CNNVD Published: 2025-08-19
Description (Chinese)
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse存在跨站脚本漏洞,该漏洞源于欢迎横幅中直接插入了未转义的用户名字符串,受到跨站脚本攻击。
Description (English)
Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. Discourse has a cross-site script loophole, which stems from the direct insertion of untransformed user name strings in the welcome banner and from the cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Discourse
Published
2025-08-19
Last Modified
2026-02-24
References
https://github.com/discourse/discourse/security/advisories/GHSA-5mm6-j5vq-6884 https://github.com/discourse/discourse/commit/a3374d2850f07444d113216e1d539ee21650dbff https://access.redhat.com/security/cve/cve-2025-54411 https://nvd.nist.gov/vuln/detail/CVE-2025-54411
Patch
https://blog.discourse.org/tag/updates/
Share on: