CVE-2025-46824

LOW Year: 2025
CVSS v3 Score
3.1
Low
Weakness Type
CWE-79
View all →

Vulnerability Description

The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin. As a workaround, one may disable the plugin.

Related Vulnerabilities

CVE-2016-7239

LOW
CVSS:3.1(Low)

The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information ...

CWE-792016

CVE-2019-11291

LOW
CVSS:3.1(Low)

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, feder...

CWE-792019

CVE-2023-48679

LOW
CVSS:3.1(Low)

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.

CWE-792023

CVE-2024-25637

LOW
CVSS:3.1(Low)

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. T...

CWE-792024

CVE-2024-28866

LOW
CVSS:3.1(Low)

GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 (inclusive) are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while G...

CWE-792024