CVE-2024-35234

CVSS V2 None CVSS V3 None
Description
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only affects sites with Content Security Polic (CSP) disabled. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. As a workaround, ensure CSP is enabled on the forum.
Overview
  • CVE ID
  • CVE-2024-35234
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-07-03T18:23:10.179Z
  • Last Modified Date
  • 2024-07-03T18:40:10.254Z
History
Created Old Value New Value Data Type Notes
2024-07-04 13:10:40 Added to TrackCVE