Home > Vulnerability Database > CVE-2023-43659

Mend.io Vulnerability Database

CVE-2023-43659

Good to know:

Date: October 16, 2023

Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.

Language: Ruby

Severity Score

5.4

Related Resources (4)

Url: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-43659

Url: https://github.com/discourse/discourse/security/advisories/GHSA-g4qg-5q2h-m8ph

Url: https://www.mend.io/vulnerability-database/CVE-2023-43659

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version v3.1.2

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-43659

Good to know:

Date: October 16, 2023

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?