CVE-2023-47119

MEDIUM Year: 2023
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.

Related Vulnerabilities

CVE-2014-10386

MEDIUM
CVSS:6.1(Medium)

The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.

CWE-742014

CVE-2014-10391

MEDIUM
CVSS:6.1(Medium)

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.

CWE-742014

CVE-2014-10394

MEDIUM
CVSS:6.1(Medium)

The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.

CWE-742014

CVE-2015-3154

MEDIUM
CVSS:6.1(Medium)

CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HT...

CWE-742015

CVE-2015-5462

MEDIUM
CVSS:6.1(Medium)

AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features.

CWE-742015

CVE-2016-5701

MEDIUM
CVSS:6.1(Medium)

setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions v...

CWE-742016