CNNVD-202601-4698 Information
CNNVD ID
CNNVD-202601-4698
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.5.4之前版本、2025.11.2之前版本、2025.12.1之前版本和2026.1.0之前版本存在安全漏洞,该漏洞源于Discourse Math插件在使用KaTeX变体时存在内容安全策略缓解的跨站脚本漏洞。
Description (English)
Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. There is a security loophole in previous versions of Discourse 3.5.4, before 2025.11.2, before 2025.12.1 and before 2026.1.0, which is the result of a cross-site script gap mitigated by a content security strategy when using the Discourse Math plugin using the KaTeX variant.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Discourse
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/discourse/discourse/security/advisories/GHSA-955h-m28g-5379 https://access.redhat.com/security/cve/cve-2025-67723
Patch
https://github.com/discourse/discourse/tags
Share on: