8

CVE-2023-22454

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has the "require moderator approval of all new topics" setting set. This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy. A patch is available in versions 2.8.14 and 3.0.0.beta16.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DiscourseDiscourse SwEditionstable Version < 2.8.14
DiscourseDiscourse Version1.1.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta6b SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta13 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta13b SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta14 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta13 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta13 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta14 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta15 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta16 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta17 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta13 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta14 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version3.0.0 Updatebeta15 SwEditionbeta
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.523
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com 8 2.1 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.