Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2021-37633

Published: 09/08/2021 Updated: 17/08/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Discourse

Vulnerability Summary

Discourse is an open source discussion platform. In versions before 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patched in the latest `stable` 2.7.8 version of Discourse. As a workaround users may ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

discourse discourse

discourse discourse 2.8.0

References

CWE-79https://github.com/discourse/discourse/commit/38199424bc840d2ef002cd1e9bffdbb99191eb47https://github.com/discourse/discourse/security/advisories/GHSA-v3v8-3m5w-pjp9https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525CVE-2024-4652CVE-2024-1438CVE-2024-4671CVE-2024-34351arbitrary CVE-2024-4650SQL injectionoverflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook