Cross-Site Scripting Vulnerability in Discourse Community Platform
CVE-2024-56328
What is CVE-2024-56328?
A vulnerability exists within the Discourse platform that allows an attacker to execute arbitrary JavaScript in the browser of unsuspecting users through maliciously crafted Onebox URLs. This vulnerability specifically impacts instances where Content Security Policy (CSP) is disabled. It is crucial for users to upgrade to the latest version of Discourse to mitigate this security risk. For those who cannot upgrade immediately, enabling CSP, disabling inline Oneboxes globally, or allowing specific domains for Oneboxing are recommended mitigation strategies.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
discourse stable: <= 3.3.3 <= stable: 3.3.3
discourse beta: <= 3.4.0.beta3 <= beta: 3.4.0.beta3
discourse tests-passed: <= 3.4.0.beta3 <= tests-passed: 3.4.0.beta3
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved