← voltar
CVE-2024-52794

Magnific lightbox susceptible to Cross-site Scripting in Discourse

CVSS 6.8 MEDIUMEPSS 0.3%CWE-79
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.8EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
19 dez 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
Produtos afetados
discourse · discourse

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/discourse/discourse/security/advisories/GHSA-m3v4-v2rp-hfm9