CVE-2026-32243 in Discourseالمعلومات

الملخص

بحسب MITRE • 31/03/2026

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted conversation titles. This payload would execute in the browser of any user viewing the onebox preview, potentially allowing session hijacking or unauthorized actions on behalf of the victim. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

11/03/2026

إفشاء

31/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-354471

CPE

جاهز

CWE

CWE-79 (مؤكد)

CVSS

3.5 (VulDB)

EPSS

0.00045

KEV

لا

النشاطات

منخفض جدًا

القطاع

Telecommunication, Police, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-32243
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-32243
CVE Details	https://www.cvedetails.com/cve/CVE-2026-32243/

التالي ▸نظرة عامة ◂ السابق

Might our Artificial Intelligence support you?

Check our Alexa App!