Home > Vulnerability Database > CVE-2024-53266

Mend.io Vulnerability Database

CVE-2024-53266

Date: February 4, 2025

Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. This has been patched in the latest version of Discourse core. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled.

Severity Score

4.3

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-53266

Url: https://github.com/discourse/discourse/security/advisories/GHSA-hw4j-4hg7-22h2

Url: https://www.mend.io/vulnerability-database/CVE-2024-53266

Severity Score

4.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-53266

Date: February 4, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?