Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for discourse-placeholder-theme-component by discourse

    CVE-2024-43408 (GCVE-0-2024-43408)

    Vulnerability from nvd – Published: 2024-08-20 16:28 – Updated: 2024-09-03 14:56
    VLAI
    Title
    Discourse Placeholder Forms has a XSS stopped by CSP
    Summary
    Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    discourse discourse-placeholder-theme-component Affected: < a62f711d5600e4e5d86f342d52932cb6221672e7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43408",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T14:01:33.373122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T14:56:18.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "discourse-placeholder-theme-component",
              "vendor": "discourse",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c a62f711d5600e4e5d86f342d52932cb6221672e7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-20T16:28:48.424Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/discourse/discourse-placeholder-theme-component/security/advisories/GHSA-9wx4-cmv3-g5jw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/discourse/discourse-placeholder-theme-component/security/advisories/GHSA-9wx4-cmv3-g5jw"
            },
            {
              "name": "https://github.com/discourse/discourse-placeholder-theme-component/commit/a62f711d5600e4e5d86f342d52932cb6221672e7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/discourse/discourse-placeholder-theme-component/commit/a62f711d5600e4e5d86f342d52932cb6221672e7"
            }
          ],
          "source": {
            "advisory": "GHSA-9wx4-cmv3-g5jw",
            "discovery": "UNKNOWN"
          },
          "title": "Discourse Placeholder Forms has a XSS stopped by CSP"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-43408",
        "datePublished": "2024-08-20T16:28:48.424Z",
        "dateReserved": "2024-08-12T18:02:04.966Z",
        "dateUpdated": "2024-09-03T14:56:18.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43408 (GCVE-0-2024-43408)

    Vulnerability from cvelistv5 – Published: 2024-08-20 16:28 – Updated: 2024-09-03 14:56
    VLAI
    Title
    Discourse Placeholder Forms has a XSS stopped by CSP
    Summary
    Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    discourse discourse-placeholder-theme-component Affected: < a62f711d5600e4e5d86f342d52932cb6221672e7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43408",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T14:01:33.373122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T14:56:18.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "discourse-placeholder-theme-component",
              "vendor": "discourse",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c a62f711d5600e4e5d86f342d52932cb6221672e7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-20T16:28:48.424Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/discourse/discourse-placeholder-theme-component/security/advisories/GHSA-9wx4-cmv3-g5jw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/discourse/discourse-placeholder-theme-component/security/advisories/GHSA-9wx4-cmv3-g5jw"
            },
            {
              "name": "https://github.com/discourse/discourse-placeholder-theme-component/commit/a62f711d5600e4e5d86f342d52932cb6221672e7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/discourse/discourse-placeholder-theme-component/commit/a62f711d5600e4e5d86f342d52932cb6221672e7"
            }
          ],
          "source": {
            "advisory": "GHSA-9wx4-cmv3-g5jw",
            "discovery": "UNKNOWN"
          },
          "title": "Discourse Placeholder Forms has a XSS stopped by CSP"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-43408",
        "datePublished": "2024-08-20T16:28:48.424Z",
        "dateReserved": "2024-08-12T18:02:04.966Z",
        "dateUpdated": "2024-09-03T14:56:18.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }