CVE-2024-43408 – Discourse Placeholder Forms has a XSS stopped by CSP

https://notcve.org/view.php?id=CVE-2024-43408

Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7. • https://github.com/discourse/discourse-placeholder-theme-component/commit/a62f711d5600e4e5d86f342d52932cb6221672e7 https://github.com/discourse/discourse-placeholder-theme-component/security/advisories/GHSA-9wx4-cmv3-g5jw • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •