CVE-2026-32243 in Discourseinformação

Sumário (Inglês)

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted conversation titles. This payload would execute in the browser of any user viewing the onebox preview, potentially allowing session hijacking or unauthorized actions on behalf of the victim. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsável

GitHub_M

Reservar

11/03/2026

Divulgação

31/03/2026

Estado

Confirmado

Inscrições

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadeCWEExpConCVE
354471Discourse Script de Site Cruzado79Não definidoCorreção oficialCVE-2026-32243

Descrição

CPE

CWE

CVSS

Explorações

História

Diferença

Relacionar

Inteligência de ameaças

API JSON

API XML

API CSV

Fontes

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!