Home > Vulnerability Database > CVE-2023-47119

Mend.io Vulnerability Database

CVE-2023-47119

Date: November 10, 2023

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the "stable" branch and version 3.2.0.beta3 of the "beta" and "tests-passed" branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the "stable" branch and version 3.2.0.beta3 of the "beta" and "tests-passed" branches. There are no known workarounds.

Language: Ruby

Severity Score

5.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-47119

Url: https://github.com/discourse/discourse/security/advisories/GHSA-j95w-5hvx-jp5w

Url: https://github.com/discourse/discourse/commit/628b293ff53fb617b3464dd27268aec84388cc09

Url: https://github.com/discourse/discourse/commit/d78357917c6a917a8a27af68756228e89c69321c

Url: https://www.mend.io/vulnerability-database/CVE-2023-47119

Severity Score

5.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-47119

Date: November 10, 2023

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?