CVSS: 6.3 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2024-43408 – Discourse Placeholder Forms has a XSS stopped by CSP
https://notcve.org/view.php?id=CVE-2024-43408
Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the HTML of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7.
• https://github.com/discourse/discourse-placeholder-theme-component/commit/a62f711d5600e4e5d86f342d52932cb6221672e7
• https://github.com/discourse/discourse-placeholder-theme-component/security/advisories/GHSA-9wx4-cmv3-g5jw
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')