← Back

CVE-2024-52794

nvd nist
Published: Dec 19, 2024Modified: Aug 26, 2025

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (5)

Products: Discourse: Discourse
Discourse
1 product
Discourse
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Discourse
Discourse
Before 3.4.0
Discourse
Before 3.3.2
Discourse
Version 3.4.0 beta1
Discourse
Version 3.4.0 beta2
Discourse
Version 3.4.0 beta3

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.