CVE-2024-23834

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 30, 2024

Updated: Feb 8, 2024

CWE ID 79

Summary

CVE-2024-23834 is a newly disclosed vulnerability affecting Discourse, an open-source discussion platform. This issue arises from improperly sanitized user input, which could result in a Cross-Site Scripting (XSS) attack. Notably, this vulnerability only impacts Discourse instances with disabled Content Security Policy (CSP). To mitigate this risk, users are advised to enable CSP and avoid including `unsafe-inline`. The latest patches for this issue are available in versions 3.1.5 and 3.2.0.beta5.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Discourse

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uPtd5m
https://www.cve.org/CVERecord?id=CVE-2024-23834
https://nvd.nist.gov/vuln/detail/CVE-2024-23834

Back to Vulnerability Database

CVE-2024-23834

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations