6.8

CVE-2023-36473

Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DiscourseDiscourse SwEditionstable Version < 3.0.5
DiscourseDiscourse Version1.1.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta6b SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.1.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.2.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.3.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.4.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta13 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta13b SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta14 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.5.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.6.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.7.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta13 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.8.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta13 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta14 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta15 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta16 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta17 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version1.9.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.0.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.1.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.2.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.3.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.4.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.5.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.6.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.7.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.8.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta10 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta11 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta12 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta13 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta14 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta3 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta4 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta5 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta6 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta7 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta8 SwEditionbeta
DiscourseDiscourse Version2.9.0 Updatebeta9 SwEditionbeta
DiscourseDiscourse Version3.0.0 Updatebeta15 SwEditionbeta
DiscourseDiscourse Version3.0.0 Updatebeta16 SwEditionbeta
DiscourseDiscourse Version3.1.0 Updatebeta1 SwEditionbeta
DiscourseDiscourse Version3.1.0 Updatebeta2 SwEditionbeta
DiscourseDiscourse Version3.1.0 Updatebeta5 SwEditionbeta
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.415
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com 6.8 1.6 5.2
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.