CNNVD-202510-027 Information
CNNVD ID
CNNVD-202510-027
Related CVE
- CNNVD Published: 2025-10-01
Description (Chinese)
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.5.0及之前版本存在安全漏洞,该漏洞源于在使用富文本编辑器时,容易通过引用消息功能解析和呈现聊天频道标题和聊天线程标题,存在跨站脚本攻击风险。
Description (English)
Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. There is a security loophole in Discourse 3.5.0 and previous versions, which stems from the risk of a cross-site script attack when using a rich text editor, which can easily resolve and present chat channel titles and chat line headings by quoting messages.
Hazard Level
Critical
Vulnerability Type
其他
Published
2025-10-01
Last Modified
2026-02-24
References
https://github.com/discourse/discourse/commit/3a224fd546d894ee408e7414b6879e814a792f91 https://github.com/discourse/discourse/security/advisories/GHSA-7p47-8m82-m2vf
Patch
https://github.com/discourse/discourse/tags
Share on: