Search criteria
468 vulnerabilities found for discourse by discourse
CVE-2025-61598 (GCVE-0-2025-61598)
Vulnerability from nvd – Published: 2025-10-28 20:38 – Updated: 2025-10-29 13:43
VLAI?
Summary
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2.
Severity ?
CWE
- CWE-524 - Use of Cache Containing Sensitive Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T13:41:37.647894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T13:43:00.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.2"
},
{
"status": "affected",
"version": "\u003e= 3.6.0.beta1, \u003c 3.6.0.beta2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524: Use of Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T20:38:54.753Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-jp9x-wwv6-cv3j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-jp9x-wwv6-cv3j"
},
{
"name": "https://github.com/discourse/discourse/commit/3ea1b663c82c067e5ca778db846bad1e082ba6cd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/3ea1b663c82c067e5ca778db846bad1e082ba6cd"
},
{
"name": "https://github.com/discourse/discourse/commit/fd567af7bf5a15c70772021acbdf5d38487a31bc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/fd567af7bf5a15c70772021acbdf5d38487a31bc"
}
],
"source": {
"advisory": "GHSA-jp9x-wwv6-cv3j",
"discovery": "UNKNOWN"
},
"title": "Discourse is missing Cache-Control response header on error responses"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61598",
"datePublished": "2025-10-28T20:38:54.753Z",
"dateReserved": "2025-09-26T16:25:25.151Z",
"dateUpdated": "2025-10-29T13:43:00.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59337 (GCVE-0-2025-59337)
Vulnerability from nvd – Published: 2025-10-01 20:41 – Updated: 2025-10-02 15:56
VLAI?
Summary
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T13:37:45.733912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T15:56:54.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:41:45.833Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-7xjr-4f4g-9887",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-7xjr-4f4g-9887"
},
{
"name": "https://github.com/discourse/discourse/commit/43536b60d012cc8084e7e701d6afab9ba01e28a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/43536b60d012cc8084e7e701d6afab9ba01e28a5"
}
],
"source": {
"advisory": "GHSA-7xjr-4f4g-9887",
"discovery": "UNKNOWN"
},
"title": "Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59337",
"datePublished": "2025-10-01T20:41:45.833Z",
"dateReserved": "2025-09-12T12:36:24.635Z",
"dateUpdated": "2025-10-02T15:56:54.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58055 (GCVE-0-2025-58055)
Vulnerability from nvd – Published: 2025-10-01 18:48 – Updated: 2025-10-23 13:20
VLAI?
Summary
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topic_id” value in API requests to the AI suggestion endpoints, users could target specific restricted topics. The AI model’s responses then disclosed information that the authenticated user couldn’t normally access. This issue is fixed in version 3.5.1. To workaround this issue, users can restrict group access to the AI helper feature through the "composer_ai_helper_allowed_groups" and "post_ai_helper_allowed_groups" site settings.
Severity ?
4.3 (Medium)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T18:56:22.028205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:24:12.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-10-23T13:20:54.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-58055-detect-discourse-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-58055-mitigate-discourse-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic \u201cTitle\u201d, \u201cCategory\u201d, and \u201cTags\u201d allowed authenticated users to extract information about topics that they weren\u2019t authorized to access. By modifying the \u201ctopic_id\u201d value in API requests to the AI suggestion endpoints, users could target specific restricted topics. The AI model\u2019s responses then disclosed information that the authenticated user couldn\u2019t normally access. This issue is fixed in version 3.5.1. To workaround this issue, users can restrict group access to the AI helper feature through the \"composer_ai_helper_allowed_groups\" and \"post_ai_helper_allowed_groups\" site settings."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T18:48:55.853Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-32v2-x274-vfhr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-32v2-x274-vfhr"
},
{
"name": "https://github.com/discourse/discourse/commit/28d569cae9b33cd55d647bf41806106e33d975c9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/28d569cae9b33cd55d647bf41806106e33d975c9"
}
],
"source": {
"advisory": "GHSA-32v2-x274-vfhr",
"discovery": "UNKNOWN"
},
"title": "Discourse AI Suggestions Contain Insecure Direct Object Reference"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58055",
"datePublished": "2025-10-01T18:48:55.853Z",
"dateReserved": "2025-08-22T14:30:32.221Z",
"dateUpdated": "2025-10-23T13:20:54.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58054 (GCVE-0-2025-58054)
Vulnerability from nvd – Published: 2025-10-01 18:42 – Updated: 2025-10-01 19:24
VLAI?
Summary
Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles via the quote message functionality when using the rich text editor. This issue is fixed in version 3.5.1.
Severity ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:03:59.856488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:24:29.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles via the quote message functionality when using the rich text editor. This issue is fixed in version 3.5.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T18:42:54.700Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-7p47-8m82-m2vf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-7p47-8m82-m2vf"
},
{
"name": "https://github.com/discourse/discourse/commit/3a224fd546d894ee408e7414b6879e814a792f91",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/3a224fd546d894ee408e7414b6879e814a792f91"
}
],
"source": {
"advisory": "GHSA-7p47-8m82-m2vf",
"discovery": "UNKNOWN"
},
"title": "Discourse is vulnerable to XSS when quoting chat messages"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58054",
"datePublished": "2025-10-01T18:42:54.700Z",
"dateReserved": "2025-08-22T14:30:32.221Z",
"dateUpdated": "2025-10-01T19:24:29.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54411 (GCVE-0-2025-54411)
Vulnerability from nvd – Published: 2025-08-19 16:41 – Updated: 2025-08-19 19:17
VLAI?
Summary
Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder, or not impersonate
any users for the time being. This vulnerability is fixed in 3.5.0.beta8.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T19:17:21.872267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T19:17:28.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.0.beta8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder, or not impersonate\nany users for the time being. This vulnerability is fixed in 3.5.0.beta8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T16:41:40.362Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-5mm6-j5vq-6884",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-5mm6-j5vq-6884"
},
{
"name": "https://github.com/discourse/discourse/commit/a3374d2850f07444d113216e1d539ee21650dbff",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/a3374d2850f07444d113216e1d539ee21650dbff"
}
],
"source": {
"advisory": "GHSA-5mm6-j5vq-6884",
"discovery": "UNKNOWN"
},
"title": "Discourse welcome banner user name XSS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54411",
"datePublished": "2025-08-19T16:41:40.362Z",
"dateReserved": "2025-07-21T23:18:10.280Z",
"dateUpdated": "2025-08-19T19:17:28.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53102 (GCVE-0-2025-53102)
Vulnerability from nvd – Published: 2025-07-29 19:24 – Updated: 2025-07-29 19:33
VLAI?
Summary
Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared from the user’s session after authentication, potentially allowing reuse and increasing security risk. This is fixed in versions 3.4.7 and 3.5.0.beta.8.
Severity ?
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53102",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T19:33:36.975492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T19:33:43.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.5.0.beta1, \u003c 3.5.0.beta.8"
},
{
"status": "affected",
"version": "\u003c 3.4.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared from the user\u2019s session after authentication, potentially allowing reuse and increasing security risk. This is fixed in versions 3.4.7 and 3.5.0.beta.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T19:24:06.076Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-hv49-93h5-4wcv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-hv49-93h5-4wcv"
},
{
"name": "https://github.com/discourse/discourse/commit/20bf65099bb861a141bc10e8a4eab65329d91802",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/20bf65099bb861a141bc10e8a4eab65329d91802"
},
{
"name": "https://github.com/discourse/discourse/commit/8bc0cee2c00a514ea60f33ea6172da2ce5a05beb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/8bc0cee2c00a514ea60f33ea6172da2ce5a05beb"
}
],
"source": {
"advisory": "GHSA-hv49-93h5-4wcv",
"discovery": "UNKNOWN"
},
"title": "Discourse\u0027s WebAuthn challenge isn\u0027t cleared from user session after authentication"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53102",
"datePublished": "2025-07-29T19:24:06.076Z",
"dateReserved": "2025-06-25T13:41:23.086Z",
"dateUpdated": "2025-07-29T19:33:43.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49845 (GCVE-0-2025-49845)
Vulnerability from nvd – Published: 2025-06-25 15:39 – Updated: 2025-06-26 19:44
VLAI?
Summary
Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed `whisper`. However, it has been discovered that users of versions prior to 3.4.6 on the `stable` branch and prior to 3.5.0.beta8-dev on the `tests-passed` branch can continue to see their own whispers even after losing visibility of posts typed `whisper`. This issue is patched in versions 3.4.6 and 3.5.0.beta8-dev. No known workarounds are available.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T19:44:43.264019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T19:44:55.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.4.6"
},
{
"status": "affected",
"version": "\u003e= 3.5.0.beta0-dev, \u003c 3.5.0.beta8-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed `whisper`. However, it has been discovered that users of versions prior to 3.4.6 on the `stable` branch and prior to 3.5.0.beta8-dev on the `tests-passed` branch can continue to see their own whispers even after losing visibility of posts typed `whisper`. This issue is patched in versions 3.4.6 and 3.5.0.beta8-dev. No known workarounds are available."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T15:39:01.328Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-79qw-r73r-69gf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-79qw-r73r-69gf"
}
],
"source": {
"advisory": "GHSA-79qw-r73r-69gf",
"discovery": "UNKNOWN"
},
"title": "Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49845",
"datePublished": "2025-06-25T15:39:01.328Z",
"dateReserved": "2025-06-11T14:33:57.800Z",
"dateUpdated": "2025-06-26T19:44:55.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48954 (GCVE-0-2025-48954)
Vulnerability from nvd – Published: 2025-06-25 14:02 – Updated: 2025-06-25 14:19
VLAI?
Summary
Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled.
Severity ?
8.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T14:18:06.577106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T14:19:13.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.0.beta6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn\u0027t enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T14:02:46.515Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-26p5-mjjh-wfcf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-26p5-mjjh-wfcf"
}
],
"source": {
"advisory": "GHSA-26p5-mjjh-wfcf",
"discovery": "UNKNOWN"
},
"title": "Discourse vulnerable to XSS via user-provided query parameter in oauth failure flow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48954",
"datePublished": "2025-06-25T14:02:46.515Z",
"dateReserved": "2025-05-28T18:49:07.585Z",
"dateUpdated": "2025-06-25T14:19:13.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48877 (GCVE-0-2025-48877)
Vulnerability from nvd – Published: 2025-06-09 12:36 – Updated: 2025-06-09 15:17
VLAI?
Summary
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site's `allowed_iframes`.
Severity ?
CWE
- CWE-1038 - Insecure Automated Optimizations
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:11:20.634452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:17:08.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.4.4"
},
{
"status": "affected",
"version": "\u003c 3.5.0.beta5"
},
{
"status": "affected",
"version": "\u003c 3.5.0.beta6-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site\u0027s `allowed_iframes`."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038: Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T12:36:29.651Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-cm93-6m2m-cjcv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-cm93-6m2m-cjcv"
}
],
"source": {
"advisory": "GHSA-cm93-6m2m-cjcv",
"discovery": "UNKNOWN"
},
"title": "Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48877",
"datePublished": "2025-06-09T12:36:29.651Z",
"dateReserved": "2025-05-27T20:14:34.296Z",
"dateUpdated": "2025-06-09T15:17:08.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2025-61598
Vulnerability from fkie_nvd - Published: 2025-10-28 21:15 - Updated: 2025-12-03 16:31
Severity ?
Summary
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"matchCriteriaId": "DEEB60B8-86DD-4EFF-962F-C44D9FBF6876",
"versionEndExcluding": "3.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
"matchCriteriaId": "4C433F55-3787-4B9E-8028-ED55F6B9056B",
"versionEndExcluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.6.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "C11E39E0-7F3D-4DBA-A8AD-7440BCEBB984",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2."
}
],
"id": "CVE-2025-61598",
"lastModified": "2025-12-03T16:31:01.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-10-28T21:15:40.110",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/discourse/discourse/commit/3ea1b663c82c067e5ca778db846bad1e082ba6cd"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/discourse/discourse/commit/fd567af7bf5a15c70772021acbdf5d38487a31bc"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-jp9x-wwv6-cv3j"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-524"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59337
Vulnerability from fkie_nvd - Published: 2025-10-01 21:16 - Updated: 2025-10-16 17:33
Severity ?
Summary
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"matchCriteriaId": "7D473258-2950-4A33-B2A4-ADA9152AC790",
"versionEndExcluding": "3.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
"matchCriteriaId": "4C433F55-3787-4B9E-8028-ED55F6B9056B",
"versionEndExcluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.6.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "C11E39E0-7F3D-4DBA-A8AD-7440BCEBB984",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1."
}
],
"id": "CVE-2025-59337",
"lastModified": "2025-10-16T17:33:47.987",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-10-01T21:16:43.197",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/discourse/discourse/commit/43536b60d012cc8084e7e701d6afab9ba01e28a5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-7xjr-4f4g-9887"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-58055
Vulnerability from fkie_nvd - Published: 2025-10-01 19:15 - Updated: 2025-10-23 14:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topic_id” value in API requests to the AI suggestion endpoints, users could target specific restricted topics. The AI model’s responses then disclosed information that the authenticated user couldn’t normally access. This issue is fixed in version 3.5.1. To workaround this issue, users can restrict group access to the AI helper feature through the "composer_ai_helper_allowed_groups" and "post_ai_helper_allowed_groups" site settings.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"matchCriteriaId": "7D473258-2950-4A33-B2A4-ADA9152AC790",
"versionEndExcluding": "3.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
"matchCriteriaId": "4C433F55-3787-4B9E-8028-ED55F6B9056B",
"versionEndExcluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.6.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "C11E39E0-7F3D-4DBA-A8AD-7440BCEBB984",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic \u201cTitle\u201d, \u201cCategory\u201d, and \u201cTags\u201d allowed authenticated users to extract information about topics that they weren\u2019t authorized to access. By modifying the \u201ctopic_id\u201d value in API requests to the AI suggestion endpoints, users could target specific restricted topics. The AI model\u2019s responses then disclosed information that the authenticated user couldn\u2019t normally access. This issue is fixed in version 3.5.1. To workaround this issue, users can restrict group access to the AI helper feature through the \"composer_ai_helper_allowed_groups\" and \"post_ai_helper_allowed_groups\" site settings."
}
],
"id": "CVE-2025-58055",
"lastModified": "2025-10-23T14:15:39.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-01T19:15:36.317",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/discourse/discourse/commit/28d569cae9b33cd55d647bf41806106e33d975c9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-32v2-x274-vfhr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-58055-detect-discourse-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-58055-mitigate-discourse-vulnerability"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-58054
Vulnerability from fkie_nvd - Published: 2025-10-01 19:15 - Updated: 2025-10-23 15:09
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles via the quote message functionality when using the rich text editor. This issue is fixed in version 3.5.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"matchCriteriaId": "2923F397-B2C7-43C8-8DDF-CA59D6B27774",
"versionEndExcluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
"matchCriteriaId": "4C433F55-3787-4B9E-8028-ED55F6B9056B",
"versionEndExcluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.6.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "C11E39E0-7F3D-4DBA-A8AD-7440BCEBB984",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles via the quote message functionality when using the rich text editor. This issue is fixed in version 3.5.1."
}
],
"id": "CVE-2025-58054",
"lastModified": "2025-10-23T15:09:44.777",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-01T19:15:36.150",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/discourse/discourse/commit/3a224fd546d894ee408e7414b6879e814a792f91"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-7p47-8m82-m2vf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-54411
Vulnerability from fkie_nvd - Published: 2025-08-19 17:15 - Updated: 2025-08-25 18:25
Severity ?
Summary
Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder, or not impersonate
any users for the time being. This vulnerability is fixed in 3.5.0.beta8.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
"matchCriteriaId": "A0A6583A-A8AE-4C05-8947-79A0E4A73E1D",
"versionEndExcluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "66931995-F794-48F0-9DBB-9048B6C9D8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "B0461B93-273C-4305-80F9-C70A100B4DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "F1596D4E-FD8B-4443-AAAE-1D4AC6B1CE6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "997761D0-A8A1-438F-83DE-5E9E4890CEED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "685B6537-929A-4DC9-8984-E114C5CB6E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "D9D71C7F-CDE7-41DE-84DF-ACE62AD829B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "7406D79F-ADD6-4AA6-95C9-7CC3EB19DFC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder, or not impersonate\nany users for the time being. This vulnerability is fixed in 3.5.0.beta8."
},
{
"lang": "es",
"value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. El nombre de usuario del banner de bienvenida para usuarios registrados puede ser vulnerable a ataques XSS, que afectan al usuario o a un administrador que se hace pasar por \u00e9l. Los administradores pueden modificar temporalmente el texto del sitio welcome_banner.header.logged_in_members para eliminar el marcador de posici\u00f3n preferred_display_name o no suplantar a ning\u00fan usuario por el momento. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 3.5.0.beta8."
}
],
"id": "CVE-2025-54411",
"lastModified": "2025-08-25T18:25:52.673",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-19T17:15:40.833",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/discourse/discourse/commit/a3374d2850f07444d113216e1d539ee21650dbff"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory",
"Mitigation"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-5mm6-j5vq-6884"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-53102
Vulnerability from fkie_nvd - Published: 2025-07-29 20:15 - Updated: 2025-08-25 17:47
Severity ?
Summary
Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared from the user’s session after authentication, potentially allowing reuse and increasing security risk. This is fixed in versions 3.4.7 and 3.5.0.beta.8.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"matchCriteriaId": "80C9BF5A-CF58-47C8-8972-8E72B5AE2F75",
"versionEndExcluding": "3.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
"matchCriteriaId": "73CCF1CA-974D-46FC-AC27-08119E603047",
"versionEndIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "66931995-F794-48F0-9DBB-9048B6C9D8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "B0461B93-273C-4305-80F9-C70A100B4DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "F1596D4E-FD8B-4443-AAAE-1D4AC6B1CE6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "997761D0-A8A1-438F-83DE-5E9E4890CEED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "685B6537-929A-4DC9-8984-E114C5CB6E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta6:*:*:beta:*:*:*",
"matchCriteriaId": "D9D71C7F-CDE7-41DE-84DF-ACE62AD829B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta7:*:*:beta:*:*:*",
"matchCriteriaId": "7406D79F-ADD6-4AA6-95C9-7CC3EB19DFC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared from the user\u2019s session after authentication, potentially allowing reuse and increasing security risk. This is fixed in versions 3.4.7 and 3.5.0.beta.8."
},
{
"lang": "es",
"value": "Discourse es una plataforma de discusi\u00f3n comunitaria de c\u00f3digo abierto. Antes de la versi\u00f3n 3.4.7 en la rama \"stable\" y la versi\u00f3n 3.5.0.beta.8 en la rama \"tests-passed\", al emitir una clave de seguridad f\u00edsica para 2FA, el servidor generaba un desaf\u00edo de WebAuthn, que el cliente firmaba. El desaf\u00edo no se borraba de la sesi\u00f3n del usuario despu\u00e9s de la autenticaci\u00f3n, lo que podr\u00eda permitir la reutilizaci\u00f3n y aumentar el riesgo de seguridad. Esto se solucion\u00f3 en las versiones 3.4.7 y 3.5.0.beta.8."
}
],
"id": "CVE-2025-53102",
"lastModified": "2025-08-25T17:47:56.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T20:15:28.327",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/discourse/discourse/commit/20bf65099bb861a141bc10e8a4eab65329d91802"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/discourse/discourse/commit/8bc0cee2c00a514ea60f33ea6172da2ce5a05beb"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-hv49-93h5-4wcv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-49845
Vulnerability from fkie_nvd - Published: 2025-06-25 16:15 - Updated: 2025-08-25 15:13
Severity ?
Summary
Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed `whisper`. However, it has been discovered that users of versions prior to 3.4.6 on the `stable` branch and prior to 3.5.0.beta8-dev on the `tests-passed` branch can continue to see their own whispers even after losing visibility of posts typed `whisper`. This issue is patched in versions 3.4.6 and 3.5.0.beta8-dev. No known workarounds are available.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"matchCriteriaId": "80C9BF5A-CF58-47C8-8972-8E72B5AE2F75",
"versionEndExcluding": "3.4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed `whisper`. However, it has been discovered that users of versions prior to 3.4.6 on the `stable` branch and prior to 3.5.0.beta8-dev on the `tests-passed` branch can continue to see their own whispers even after losing visibility of posts typed `whisper`. This issue is patched in versions 3.4.6 and 3.5.0.beta8-dev. No known workarounds are available."
},
{
"lang": "es",
"value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. La visibilidad de las publicaciones con el tipo \"whisper\" se controla mediante la configuraci\u00f3n del sitio \"whispers_allowed_groups\". Solo los usuarios que pertenecen a los grupos especificados en la configuraci\u00f3n del sitio pueden ver las publicaciones con este tipo. Sin embargo, se ha descubierto que los usuarios de versiones anteriores a la 3.4.6 en la rama \"stable\" y anteriores a la 3.5.0.beta8-dev en la rama \"tests-passed\" pueden seguir viendo sus propios \"whisper\" incluso despu\u00e9s de perder la visibilidad de las publicaciones con este tipo. Este problema se ha corregido en las versiones 3.4.6 y 3.5.0.beta8-dev. No se conocen soluciones alternativas."
}
],
"id": "CVE-2025-49845",
"lastModified": "2025-08-25T15:13:54.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-06-25T16:15:26.533",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-79qw-r73r-69gf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-48954
Vulnerability from fkie_nvd - Published: 2025-06-25 14:15 - Updated: 2025-09-25 20:27
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
"matchCriteriaId": "A0A6583A-A8AE-4C05-8947-79A0E4A73E1D",
"versionEndExcluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "66931995-F794-48F0-9DBB-9048B6C9D8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "B0461B93-273C-4305-80F9-C70A100B4DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "F1596D4E-FD8B-4443-AAAE-1D4AC6B1CE6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "997761D0-A8A1-438F-83DE-5E9E4890CEED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta5:*:*:beta:*:*:*",
"matchCriteriaId": "685B6537-929A-4DC9-8984-E114C5CB6E77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn\u0027t enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled."
},
{
"lang": "es",
"value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. Las versiones anteriores a la 3.5.0.beta6 son vulnerables a ataques de cross-site scripting cuando la pol\u00edtica de seguridad de contenido no est\u00e1 habilitada al usar inicios de sesi\u00f3n con redes sociales. La versi\u00f3n 3.5.0.beta6 soluciona el problema. Como soluci\u00f3n alternativa, active la pol\u00edtica de seguridad de contenido."
}
],
"id": "CVE-2025-48954",
"lastModified": "2025-09-25T20:27:53.497",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-25T14:15:24.777",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-26p5-mjjh-wfcf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-48053
Vulnerability from fkie_nvd - Published: 2025-06-09 13:15 - Updated: 2025-09-25 20:27
Severity ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. No known workarounds are available.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"matchCriteriaId": "4B5F12D3-D031-4EF6-B122-2F062FEF67B8",
"versionEndExcluding": "3.4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
"matchCriteriaId": "A0A6583A-A8AE-4C05-8947-79A0E4A73E1D",
"versionEndExcluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "66931995-F794-48F0-9DBB-9048B6C9D8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "B0461B93-273C-4305-80F9-C70A100B4DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "F1596D4E-FD8B-4443-AAAE-1D4AC6B1CE6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "997761D0-A8A1-438F-83DE-5E9E4890CEED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. No known workarounds are available."
},
{
"lang": "es",
"value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En versiones anteriores a la 3.4.4 de la rama \"stable\", la 3.5.0.beta5 de la rama \"beta\" y la 3.5.0.beta6-dev de la rama \"tests-passed\", enviar una URL maliciosa en un mensaje privado a un usuario bot pod\u00eda reducir la disponibilidad de una instancia de Discourse. Este problema se ha corregido en las versiones 3.4.4 de la rama \"stable\", la 3.5.0.beta5 de la rama \"beta\" y la 3.5.0.beta6-dev de la rama \"tests-passed\". No se conocen soluciones alternativas."
}
],
"id": "CVE-2025-48053",
"lastModified": "2025-09-25T20:27:48.183",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-06-09T13:15:23.163",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-3q5q-qmrm-rvwx"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-48062
Vulnerability from fkie_nvd - Published: 2025-06-09 13:15 - Updated: 2025-09-26 13:05
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML. This includes inviting someone (without an account) to a PM and inviting someone (without an account) to a topic with a custom message. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. This can be worked around if the relevant templates are overridden without `{topic_title}`.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"matchCriteriaId": "4B5F12D3-D031-4EF6-B122-2F062FEF67B8",
"versionEndExcluding": "3.4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
"matchCriteriaId": "A0A6583A-A8AE-4C05-8947-79A0E4A73E1D",
"versionEndExcluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "66931995-F794-48F0-9DBB-9048B6C9D8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "B0461B93-273C-4305-80F9-C70A100B4DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "F1596D4E-FD8B-4443-AAAE-1D4AC6B1CE6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "997761D0-A8A1-438F-83DE-5E9E4890CEED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML. This includes inviting someone (without an account) to a PM and inviting someone (without an account) to a topic with a custom message. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. This can be worked around if the relevant templates are overridden without `{topic_title}`."
},
{
"lang": "es",
"value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En versiones anteriores a la 3.4.4 de la rama `stable`, la 3.5.0.beta5 de la rama `beta` y la 3.5.0.beta6-dev de la rama `tests-passed`, ciertas invitaciones por correo electr\u00f3nico pod\u00edan provocar la inyecci\u00f3n de HTML en el cuerpo del correo si el t\u00edtulo del tema inclu\u00eda HTML. Esto incluye invitar a alguien (sin cuenta) a un mensaje privado y a un tema con un mensaje personalizado. Este problema se ha corregido en las versiones 3.4.4 de la rama `stable`, la 3.5.0.beta5 de la rama `beta` y la 3.5.0.beta6-dev de la rama `tests-passed`. Esto se puede solucionar sobrescribiendo las plantillas correspondientes sin `{topic_title}`."
}
],
"id": "CVE-2025-48062",
"lastModified": "2025-09-26T13:05:09.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-09T13:15:23.320",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-x8mp-chx3-6x2p"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-48877
Vulnerability from fkie_nvd - Published: 2025-06-09 13:15 - Updated: 2025-09-25 20:27
Severity ?
Summary
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site's `allowed_iframes`.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
"matchCriteriaId": "4B5F12D3-D031-4EF6-B122-2F062FEF67B8",
"versionEndExcluding": "3.4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*",
"matchCriteriaId": "A0A6583A-A8AE-4C05-8947-79A0E4A73E1D",
"versionEndExcluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta1:*:*:beta:*:*:*",
"matchCriteriaId": "66931995-F794-48F0-9DBB-9048B6C9D8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta2:*:*:beta:*:*:*",
"matchCriteriaId": "B0461B93-273C-4305-80F9-C70A100B4DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta3:*:*:beta:*:*:*",
"matchCriteriaId": "F1596D4E-FD8B-4443-AAAE-1D4AC6B1CE6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:discourse:discourse:3.5.0:beta4:*:*:beta:*:*:*",
"matchCriteriaId": "997761D0-A8A1-438F-83DE-5E9E4890CEED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site\u0027s `allowed_iframes`."
},
{
"lang": "es",
"value": "Discourse es una plataforma de discusi\u00f3n de c\u00f3digo abierto. En versiones anteriores a la 3.4.4 de la rama `stable`, la 3.5.0.beta5 de la rama `beta` y la 3.5.0.beta6-dev de la rama `tests-passed`, Codepen est\u00e1 presente en la configuraci\u00f3n predeterminada del sitio `allowed_iframes` y puede ejecutar autom\u00e1ticamente c\u00f3digo JavaScript arbitrario en el \u00e1mbito de los iframes, lo cual no es intencionado. Este problema se ha corregido en la 3.4.4 de la rama `stable`, la 3.5.0.beta5 de la rama `beta` y la 3.5.0.beta6-dev de la rama `tests-passed`. Como soluci\u00f3n alternativa, se puede eliminar el prefijo Codepen de los `allowed_iframes` de un sitio."
}
],
"id": "CVE-2025-48877",
"lastModified": "2025-09-25T20:27:42.407",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "UNREPORTED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-06-09T13:15:23.500",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-cm93-6m2m-cjcv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1038"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
CVE-2025-61598 (GCVE-0-2025-61598)
Vulnerability from cvelistv5 – Published: 2025-10-28 20:38 – Updated: 2025-10-29 13:43
VLAI?
Summary
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2.
Severity ?
CWE
- CWE-524 - Use of Cache Containing Sensitive Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T13:41:37.647894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T13:43:00.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.6.2"
},
{
"status": "affected",
"version": "\u003e= 3.6.0.beta1, \u003c 3.6.0.beta2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524: Use of Cache Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T20:38:54.753Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-jp9x-wwv6-cv3j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-jp9x-wwv6-cv3j"
},
{
"name": "https://github.com/discourse/discourse/commit/3ea1b663c82c067e5ca778db846bad1e082ba6cd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/3ea1b663c82c067e5ca778db846bad1e082ba6cd"
},
{
"name": "https://github.com/discourse/discourse/commit/fd567af7bf5a15c70772021acbdf5d38487a31bc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/fd567af7bf5a15c70772021acbdf5d38487a31bc"
}
],
"source": {
"advisory": "GHSA-jp9x-wwv6-cv3j",
"discovery": "UNKNOWN"
},
"title": "Discourse is missing Cache-Control response header on error responses"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61598",
"datePublished": "2025-10-28T20:38:54.753Z",
"dateReserved": "2025-09-26T16:25:25.151Z",
"dateUpdated": "2025-10-29T13:43:00.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59337 (GCVE-0-2025-59337)
Vulnerability from cvelistv5 – Published: 2025-10-01 20:41 – Updated: 2025-10-02 15:56
VLAI?
Summary
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T13:37:45.733912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T15:56:54.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:41:45.833Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-7xjr-4f4g-9887",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-7xjr-4f4g-9887"
},
{
"name": "https://github.com/discourse/discourse/commit/43536b60d012cc8084e7e701d6afab9ba01e28a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/43536b60d012cc8084e7e701d6afab9ba01e28a5"
}
],
"source": {
"advisory": "GHSA-7xjr-4f4g-9887",
"discovery": "UNKNOWN"
},
"title": "Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59337",
"datePublished": "2025-10-01T20:41:45.833Z",
"dateReserved": "2025-09-12T12:36:24.635Z",
"dateUpdated": "2025-10-02T15:56:54.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58055 (GCVE-0-2025-58055)
Vulnerability from cvelistv5 – Published: 2025-10-01 18:48 – Updated: 2025-10-23 13:20
VLAI?
Summary
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topic_id” value in API requests to the AI suggestion endpoints, users could target specific restricted topics. The AI model’s responses then disclosed information that the authenticated user couldn’t normally access. This issue is fixed in version 3.5.1. To workaround this issue, users can restrict group access to the AI helper feature through the "composer_ai_helper_allowed_groups" and "post_ai_helper_allowed_groups" site settings.
Severity ?
4.3 (Medium)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T18:56:22.028205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:24:12.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-10-23T13:20:54.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-58055-detect-discourse-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-58055-mitigate-discourse-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic \u201cTitle\u201d, \u201cCategory\u201d, and \u201cTags\u201d allowed authenticated users to extract information about topics that they weren\u2019t authorized to access. By modifying the \u201ctopic_id\u201d value in API requests to the AI suggestion endpoints, users could target specific restricted topics. The AI model\u2019s responses then disclosed information that the authenticated user couldn\u2019t normally access. This issue is fixed in version 3.5.1. To workaround this issue, users can restrict group access to the AI helper feature through the \"composer_ai_helper_allowed_groups\" and \"post_ai_helper_allowed_groups\" site settings."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T18:48:55.853Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-32v2-x274-vfhr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-32v2-x274-vfhr"
},
{
"name": "https://github.com/discourse/discourse/commit/28d569cae9b33cd55d647bf41806106e33d975c9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/28d569cae9b33cd55d647bf41806106e33d975c9"
}
],
"source": {
"advisory": "GHSA-32v2-x274-vfhr",
"discovery": "UNKNOWN"
},
"title": "Discourse AI Suggestions Contain Insecure Direct Object Reference"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58055",
"datePublished": "2025-10-01T18:48:55.853Z",
"dateReserved": "2025-08-22T14:30:32.221Z",
"dateUpdated": "2025-10-23T13:20:54.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58054 (GCVE-0-2025-58054)
Vulnerability from cvelistv5 – Published: 2025-10-01 18:42 – Updated: 2025-10-01 19:24
VLAI?
Summary
Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles via the quote message functionality when using the rich text editor. This issue is fixed in version 3.5.1.
Severity ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:03:59.856488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T19:24:29.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles via the quote message functionality when using the rich text editor. This issue is fixed in version 3.5.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T18:42:54.700Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-7p47-8m82-m2vf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-7p47-8m82-m2vf"
},
{
"name": "https://github.com/discourse/discourse/commit/3a224fd546d894ee408e7414b6879e814a792f91",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/3a224fd546d894ee408e7414b6879e814a792f91"
}
],
"source": {
"advisory": "GHSA-7p47-8m82-m2vf",
"discovery": "UNKNOWN"
},
"title": "Discourse is vulnerable to XSS when quoting chat messages"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58054",
"datePublished": "2025-10-01T18:42:54.700Z",
"dateReserved": "2025-08-22T14:30:32.221Z",
"dateUpdated": "2025-10-01T19:24:29.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54411 (GCVE-0-2025-54411)
Vulnerability from cvelistv5 – Published: 2025-08-19 16:41 – Updated: 2025-08-19 19:17
VLAI?
Summary
Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder, or not impersonate
any users for the time being. This vulnerability is fixed in 3.5.0.beta8.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T19:17:21.872267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T19:17:28.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.0.beta8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder, or not impersonate\nany users for the time being. This vulnerability is fixed in 3.5.0.beta8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T16:41:40.362Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-5mm6-j5vq-6884",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-5mm6-j5vq-6884"
},
{
"name": "https://github.com/discourse/discourse/commit/a3374d2850f07444d113216e1d539ee21650dbff",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/a3374d2850f07444d113216e1d539ee21650dbff"
}
],
"source": {
"advisory": "GHSA-5mm6-j5vq-6884",
"discovery": "UNKNOWN"
},
"title": "Discourse welcome banner user name XSS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54411",
"datePublished": "2025-08-19T16:41:40.362Z",
"dateReserved": "2025-07-21T23:18:10.280Z",
"dateUpdated": "2025-08-19T19:17:28.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53102 (GCVE-0-2025-53102)
Vulnerability from cvelistv5 – Published: 2025-07-29 19:24 – Updated: 2025-07-29 19:33
VLAI?
Summary
Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared from the user’s session after authentication, potentially allowing reuse and increasing security risk. This is fixed in versions 3.4.7 and 3.5.0.beta.8.
Severity ?
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53102",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T19:33:36.975492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T19:33:43.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.5.0.beta1, \u003c 3.5.0.beta.8"
},
{
"status": "affected",
"version": "\u003c 3.4.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared from the user\u2019s session after authentication, potentially allowing reuse and increasing security risk. This is fixed in versions 3.4.7 and 3.5.0.beta.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-29T19:24:06.076Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-hv49-93h5-4wcv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-hv49-93h5-4wcv"
},
{
"name": "https://github.com/discourse/discourse/commit/20bf65099bb861a141bc10e8a4eab65329d91802",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/20bf65099bb861a141bc10e8a4eab65329d91802"
},
{
"name": "https://github.com/discourse/discourse/commit/8bc0cee2c00a514ea60f33ea6172da2ce5a05beb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/8bc0cee2c00a514ea60f33ea6172da2ce5a05beb"
}
],
"source": {
"advisory": "GHSA-hv49-93h5-4wcv",
"discovery": "UNKNOWN"
},
"title": "Discourse\u0027s WebAuthn challenge isn\u0027t cleared from user session after authentication"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53102",
"datePublished": "2025-07-29T19:24:06.076Z",
"dateReserved": "2025-06-25T13:41:23.086Z",
"dateUpdated": "2025-07-29T19:33:43.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49845 (GCVE-0-2025-49845)
Vulnerability from cvelistv5 – Published: 2025-06-25 15:39 – Updated: 2025-06-26 19:44
VLAI?
Summary
Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed `whisper`. However, it has been discovered that users of versions prior to 3.4.6 on the `stable` branch and prior to 3.5.0.beta8-dev on the `tests-passed` branch can continue to see their own whispers even after losing visibility of posts typed `whisper`. This issue is patched in versions 3.4.6 and 3.5.0.beta8-dev. No known workarounds are available.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T19:44:43.264019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T19:44:55.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.4.6"
},
{
"status": "affected",
"version": "\u003e= 3.5.0.beta0-dev, \u003c 3.5.0.beta8-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed `whisper`. However, it has been discovered that users of versions prior to 3.4.6 on the `stable` branch and prior to 3.5.0.beta8-dev on the `tests-passed` branch can continue to see their own whispers even after losing visibility of posts typed `whisper`. This issue is patched in versions 3.4.6 and 3.5.0.beta8-dev. No known workarounds are available."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T15:39:01.328Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-79qw-r73r-69gf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-79qw-r73r-69gf"
}
],
"source": {
"advisory": "GHSA-79qw-r73r-69gf",
"discovery": "UNKNOWN"
},
"title": "Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49845",
"datePublished": "2025-06-25T15:39:01.328Z",
"dateReserved": "2025-06-11T14:33:57.800Z",
"dateUpdated": "2025-06-26T19:44:55.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48954 (GCVE-0-2025-48954)
Vulnerability from cvelistv5 – Published: 2025-06-25 14:02 – Updated: 2025-06-25 14:19
VLAI?
Summary
Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled.
Severity ?
8.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T14:18:06.577106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T14:19:13.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.0.beta6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn\u0027t enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T14:02:46.515Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-26p5-mjjh-wfcf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-26p5-mjjh-wfcf"
}
],
"source": {
"advisory": "GHSA-26p5-mjjh-wfcf",
"discovery": "UNKNOWN"
},
"title": "Discourse vulnerable to XSS via user-provided query parameter in oauth failure flow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48954",
"datePublished": "2025-06-25T14:02:46.515Z",
"dateReserved": "2025-05-28T18:49:07.585Z",
"dateUpdated": "2025-06-25T14:19:13.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48877 (GCVE-0-2025-48877)
Vulnerability from cvelistv5 – Published: 2025-06-09 12:36 – Updated: 2025-06-09 15:17
VLAI?
Summary
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site's `allowed_iframes`.
Severity ?
CWE
- CWE-1038 - Insecure Automated Optimizations
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:11:20.634452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:17:08.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.4.4"
},
{
"status": "affected",
"version": "\u003c 3.5.0.beta5"
},
{
"status": "affected",
"version": "\u003c 3.5.0.beta6-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site\u0027s `allowed_iframes`."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1038",
"description": "CWE-1038: Insecure Automated Optimizations",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T12:36:29.651Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-cm93-6m2m-cjcv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-cm93-6m2m-cjcv"
}
],
"source": {
"advisory": "GHSA-cm93-6m2m-cjcv",
"discovery": "UNKNOWN"
},
"title": "Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48877",
"datePublished": "2025-06-09T12:36:29.651Z",
"dateReserved": "2025-05-27T20:14:34.296Z",
"dateUpdated": "2025-06-09T15:17:08.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48062 (GCVE-0-2025-48062)
Vulnerability from cvelistv5 – Published: 2025-06-09 12:33 – Updated: 2025-06-09 13:00
VLAI?
Summary
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML. This includes inviting someone (without an account) to a PM and inviting someone (without an account) to a topic with a custom message. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. This can be worked around if the relevant templates are overridden without `{topic_title}`.
Severity ?
7.1 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48062",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T12:59:58.570348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T13:00:15.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 3.4.4"
},
{
"status": "affected",
"version": "\u003c 3.5.0.beta5"
},
{
"status": "affected",
"version": "\u003c 3.5.0.beta6-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML. This includes inviting someone (without an account) to a PM and inviting someone (without an account) to a topic with a custom message. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. This can be worked around if the relevant templates are overridden without `{topic_title}`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T12:33:57.870Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-x8mp-chx3-6x2p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-x8mp-chx3-6x2p"
}
],
"source": {
"advisory": "GHSA-x8mp-chx3-6x2p",
"discovery": "UNKNOWN"
},
"title": "Discourse vulnerable to HTML injection when inviting to topic via email"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48062",
"datePublished": "2025-06-09T12:33:57.870Z",
"dateReserved": "2025-05-15T16:06:40.941Z",
"dateUpdated": "2025-06-09T13:00:15.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}