Home > Vulnerability Database > CVE-2025-54411

Mend.io Vulnerability Database

CVE-2025-54411

Good to know:

Date: August 19, 2025

Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder, or not impersonate any users for the time being. This vulnerability is fixed in 3.5.0.beta8.

Severity Score

3.9

Related Resources (4)

Url: https://github.com/discourse/discourse/security/advisories/GHSA-5mm6-j5vq-6884

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-54411

Url: https://github.com/discourse/discourse/commit/a3374d2850f07444d113216e1d539ee21650dbff

Url: https://www.mend.io/vulnerability-database/CVE-2025-54411

Severity Score

3.9

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version https://github.com/discourse/discourse.git - 3.5.0.beta8

Learn More

CVSS v3.1

Base Score:	3.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-54411

Good to know:

Date: August 19, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?