CVE-2023-36473
Published: Jul 13, 2023
Modified: Nov 21, 2024
CVSS 3.1 base score: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD
Description
Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches.
Affected (210)
Configuration A: 210 vulnerable
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.0.5 | |
| Version 1.1.0 beta1 | |
| Version 1.1.0 beta2 | |
| Version 1.1.0 beta3 | |
| Version 1.1.0 beta4 | |
| Version 1.1.0 beta5 | |
| Version 1.1.0 beta6 | |
| Version 1.1.0 beta6b | |
| Version 1.1.0 beta7 | |
| Version 1.1.0 beta8 | |
| Version 1.2.0 beta1 | |
| Version 1.2.0 beta2 | |
| Version 1.2.0 beta3 | |
| Version 1.2.0 beta4 | |
| Version 1.2.0 beta5 | |
| Version 1.2.0 beta6 | |
| Version 1.2.0 beta7 | |
| Version 1.2.0 beta8 | |
| Version 1.2.0 beta9 | |
| Version 1.3.0 beta10 | |
| Version 1.3.0 beta11 | |
| Version 1.3.0 beta1 | |
| Version 1.3.0 beta2 | |
| Version 1.3.0 beta3 | |
| Version 1.3.0 beta4 | |
| Version 1.3.0 beta5 | |
| Version 1.3.0 beta6 | |
| Version 1.3.0 beta7 | |
| Version 1.3.0 beta8 | |
| Version 1.3.0 beta9 | |
| Version 1.4.0 beta10 | |
| Version 1.4.0 beta11 | |
| Version 1.4.0 beta12 | |
| Version 1.4.0 beta1 | |
| Version 1.4.0 beta2 | |
| Version 1.4.0 beta3 | |
| Version 1.4.0 beta4 | |
| Version 1.4.0 beta5 | |
| Version 1.4.0 beta6 | |
| Version 1.4.0 beta7 | |
| Version 1.4.0 beta8 | |
| Version 1.4.0 beta9 | |
| Version 1.5.0 beta10 | |
| Version 1.5.0 beta11 | |
| Version 1.5.0 beta12 | |
| Version 1.5.0 beta13 | |
| Version 1.5.0 beta13b | |
| Version 1.5.0 beta14 | |
| Version 1.5.0 beta1 | |
| Version 1.5.0 beta2 | |
| Version 1.5.0 beta3 | |
| Version 1.5.0 beta4 | |
| Version 1.5.0 beta5 | |
| Version 1.5.0 beta6 | |
| Version 1.5.0 beta7 | |
| Version 1.5.0 beta8 | |
| Version 1.5.0 beta9 | |
| Version 1.6.0 beta10 | |
| Version 1.6.0 beta11 | |
| Version 1.6.0 beta12 | |
| Version 1.6.0 beta1 | |
| Version 1.6.0 beta2 | |
| Version 1.6.0 beta3 | |
| Version 1.6.0 beta4 | |
| Version 1.6.0 beta5 | |
| Version 1.6.0 beta6 | |
| Version 1.6.0 beta7 | |
| Version 1.6.0 beta8 | |
| Version 1.6.0 beta9 | |
| Version 1.7.0 beta10 | |
| Version 1.7.0 beta11 | |
| Version 1.7.0 beta1 | |
| Version 1.7.0 beta2 | |
| Version 1.7.0 beta3 | |
| Version 1.7.0 beta4 | |
| Version 1.7.0 beta5 | |
| Version 1.7.0 beta6 | |
| Version 1.7.0 beta7 | |
| Version 1.7.0 beta8 | |
| Version 1.7.0 beta9 | |
| Version 1.8.0 beta10 | |
| Version 1.8.0 beta11 | |
| Version 1.8.0 beta12 | |
| Version 1.8.0 beta13 | |
| Version 1.8.0 beta1 | |
| Version 1.8.0 beta2 | |
| Version 1.8.0 beta3 | |
| Version 1.8.0 beta4 | |
| Version 1.8.0 beta5 | |
| Version 1.8.0 beta6 | |
| Version 1.8.0 beta7 | |
| Version 1.8.0 beta8 | |
| Version 1.8.0 beta9 | |
| Version 1.9.0 beta10 | |
| Version 1.9.0 beta11 | |
| Version 1.9.0 beta12 | |
| Version 1.9.0 beta13 | |
| Version 1.9.0 beta14 | |
| Version 1.9.0 beta15 | |
| Version 1.9.0 beta16 | |
| Version 1.9.0 beta17 | |
| Version 1.9.0 beta1 | |
| Version 1.9.0 beta2 | |
| Version 1.9.0 beta3 | |
| Version 1.9.0 beta4 | |
| Version 1.9.0 beta5 | |
| Version 1.9.0 beta6 | |
| Version 1.9.0 beta7 | |
| Version 1.9.0 beta8 | |
| Version 1.9.0 beta9 | |
| Version 2.0.0 beta10 | |
| Version 2.0.0 beta1 | |
| Version 2.0.0 beta2 | |
| Version 2.0.0 beta3 | |
| Version 2.0.0 beta4 | |
| Version 2.0.0 beta5 | |
| Version 2.0.0 beta6 | |
| Version 2.0.0 beta7 | |
| Version 2.0.0 beta8 | |
| Version 2.0.0 beta9 | |
| Version 2.1.0 beta1 | |
| Version 2.1.0 beta2 | |
| Version 2.1.0 beta3 | |
| Version 2.1.0 beta4 | |
| Version 2.1.0 beta5 | |
| Version 2.1.0 beta6 | |
| Version 2.2.0 beta10 | |
| Version 2.2.0 beta1 | |
| Version 2.2.0 beta2 | |
| Version 2.2.0 beta3 | |
| Version 2.2.0 beta4 | |
| Version 2.2.0 beta5 | |
| Version 2.2.0 beta6 | |
| Version 2.2.0 beta7 | |
| Version 2.2.0 beta8 | |
| Version 2.2.0 beta9 | |
| Version 2.3.0 beta10 | |
| Version 2.3.0 beta11 | |
| Version 2.3.0 beta1 | |
| Version 2.3.0 beta2 | |
| Version 2.3.0 beta3 | |
| Version 2.3.0 beta4 | |
| Version 2.3.0 beta5 | |
| Version 2.3.0 beta6 | |
| Version 2.3.0 beta7 | |
| Version 2.3.0 beta8 | |
| Version 2.3.0 beta9 | |
| Version 2.4.0 beta10 | |
| Version 2.4.0 beta11 | |
| Version 2.4.0 beta1 | |
| Version 2.4.0 beta2 | |
| Version 2.4.0 beta3 | |
| Version 2.4.0 beta4 | |
| Version 2.4.0 beta5 | |
| Version 2.4.0 beta6 | |
| Version 2.4.0 beta7 | |
| Version 2.4.0 beta8 | |
| Version 2.4.0 beta9 | |
| Version 2.5.0 beta1 | |
| Version 2.5.0 beta2 | |
| Version 2.5.0 beta3 | |
| Version 2.5.0 beta4 | |
| Version 2.5.0 beta5 | |
| Version 2.5.0 beta6 | |
| Version 2.5.0 beta7 | |
| Version 2.6.0 beta1 | |
| Version 2.6.0 beta2 | |
| Version 2.6.0 beta3 | |
| Version 2.6.0 beta4 | |
| Version 2.6.0 beta5 | |
| Version 2.6.0 beta6 | |
| Version 2.7.0 beta1 | |
| Version 2.7.0 beta2 | |
| Version 2.7.0 beta3 | |
| Version 2.7.0 beta4 | |
| Version 2.7.0 beta5 | |
| Version 2.7.0 beta6 | |
| Version 2.7.0 beta7 | |
| Version 2.7.0 beta8 | |
| Version 2.7.0 beta9 | |
| Version 2.8.0 beta10 | |
| Version 2.8.0 beta11 | |
| Version 2.8.0 beta1 | |
| Version 2.8.0 beta2 | |
| Version 2.8.0 beta3 | |
| Version 2.8.0 beta4 | |
| Version 2.8.0 beta5 | |
| Version 2.8.0 beta6 | |
| Version 2.8.0 beta7 | |
| Version 2.8.0 beta8 | |
| Version 2.8.0 beta9 | |
| Version 2.9.0 beta10 | |
| Version 2.9.0 beta11 | |
| Version 2.9.0 beta12 | |
| Version 2.9.0 beta13 | |
| Version 2.9.0 beta14 | |
| Version 2.9.0 beta1 | |
| Version 2.9.0 beta2 | |
| Version 2.9.0 beta3 | |
| Version 2.9.0 beta4 | |
| Version 2.9.0 beta5 | |
| Version 2.9.0 beta6 | |
| Version 2.9.0 beta7 | |
| Version 2.9.0 beta8 | |
| Version 2.9.0 beta9 | |
| Version 3.0.0 beta15 | |
| Version 3.0.0 beta16 | |
| Version 3.1.0 beta1 | |
| Version 3.1.0 beta2 | |
| Version 3.1.0 beta5 | |
References (2)
Source: security-advisories@github.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory