CVE-2023-43659

Cross-site Scripting via email preview when CSP disabled in Discourse

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.

Discourse es una plataforma de código abierto para el debate comunitario. El escape inadecuado de la entrada del usuario permitió ataques de Cross-Site Scripting a través de la interfaz de usuario de vista previa del resumen del correo electrónico. Este problema sólo afecta a sitios con CSP deshabilitado. Este problema se solucionó en la versión 3.1.1 stable y en la versión 3.2.0.beta1. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben asegurarse de que CSP esté habilitado en el foro.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-09-20 CVE Reserved
2023-10-16 CVE Published
2024-09-15 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (2)

URL	Tag	Source
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://github.com/discourse/discourse/security/advisories/GHSA-g4qg-5q2h-m8ph	2023-10-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Discourse Search vendor "Discourse"		Discourse Search vendor "Discourse" for product "Discourse"				<= 3.1.1 Search vendor "Discourse" for product "Discourse" and version " <= 3.1.1"		stable		Affected
Discourse Search vendor "Discourse"		Discourse Search vendor "Discourse" for product "Discourse"				3.2.0 Search vendor "Discourse" for product "Discourse" and version "3.2.0"		beta1, beta		Affected