CVE-2024-53266

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 4, 2025

CWE ID 79

Summary

CVE-2024-53266 is a newly disclosed vulnerability affecting Discourse, an open-source community discussion platform. In certain configurations with specific plugins, and when Content Security Policy (CSP) is disabled, the activity streams on user profile pages become susceptible to Cross-Site Scripting (XSS) attacks. This issue has been rectified in the latest version of Discourse core. It is strongly recommended that users upgrade to the latest version to mitigate this risk. For those who cannot upgrade at present, enabling CSP is essential to prevent potential XSS attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Discourse

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/0si1W7
https://www.cve.org/CVERecord?id=CVE-2024-53266
https://nvd.nist.gov/vuln/detail/CVE-2024-53266

Back to Vulnerability Database

CVE-2024-53266

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations