Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for discourse-placeholder-theme-component by discourse
CVE-2024-43408 (GCVE-0-2024-43408)
Vulnerability from nvd – Published: 2024-08-20 16:28 – Updated: 2024-09-03 14:56
VLAI?
Title
Discourse Placeholder Forms has a XSS stopped by CSP
Summary
Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| discourse | discourse-placeholder-theme-component |
Affected:
< a62f711d5600e4e5d86f342d52932cb6221672e7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T14:01:33.373122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:56:18.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse-placeholder-theme-component",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c a62f711d5600e4e5d86f342d52932cb6221672e7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T16:28:48.424Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse-placeholder-theme-component/security/advisories/GHSA-9wx4-cmv3-g5jw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse-placeholder-theme-component/security/advisories/GHSA-9wx4-cmv3-g5jw"
},
{
"name": "https://github.com/discourse/discourse-placeholder-theme-component/commit/a62f711d5600e4e5d86f342d52932cb6221672e7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse-placeholder-theme-component/commit/a62f711d5600e4e5d86f342d52932cb6221672e7"
}
],
"source": {
"advisory": "GHSA-9wx4-cmv3-g5jw",
"discovery": "UNKNOWN"
},
"title": "Discourse Placeholder Forms has a XSS stopped by CSP"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43408",
"datePublished": "2024-08-20T16:28:48.424Z",
"dateReserved": "2024-08-12T18:02:04.966Z",
"dateUpdated": "2024-09-03T14:56:18.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43408 (GCVE-0-2024-43408)
Vulnerability from cvelistv5 – Published: 2024-08-20 16:28 – Updated: 2024-09-03 14:56
VLAI?
Title
Discourse Placeholder Forms has a XSS stopped by CSP
Summary
Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| discourse | discourse-placeholder-theme-component |
Affected:
< a62f711d5600e4e5d86f342d52932cb6221672e7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T14:01:33.373122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:56:18.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse-placeholder-theme-component",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c a62f711d5600e4e5d86f342d52932cb6221672e7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T16:28:48.424Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/discourse/discourse-placeholder-theme-component/security/advisories/GHSA-9wx4-cmv3-g5jw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse-placeholder-theme-component/security/advisories/GHSA-9wx4-cmv3-g5jw"
},
{
"name": "https://github.com/discourse/discourse-placeholder-theme-component/commit/a62f711d5600e4e5d86f342d52932cb6221672e7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse-placeholder-theme-component/commit/a62f711d5600e4e5d86f342d52932cb6221672e7"
}
],
"source": {
"advisory": "GHSA-9wx4-cmv3-g5jw",
"discovery": "UNKNOWN"
},
"title": "Discourse Placeholder Forms has a XSS stopped by CSP"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43408",
"datePublished": "2024-08-20T16:28:48.424Z",
"dateReserved": "2024-08-12T18:02:04.966Z",
"dateUpdated": "2024-09-03T14:56:18.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}