CVE-2023-47119

Published: 10/11/2023 Updated: 16/11/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.

Vulnerable Product

discourse discourse 3.2.0

discourse discourse

Github Repositories

A POC for CVE-2023-47119

A POC for CVE-2023-47119 which is a vulnerability affecting Discourse versions prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches. Some links can inject arbitrary HTML tags when rendered through the Onebox engine. Detai

Hi there

Latest blog posts

Blog : baadmarogithubio/

Discourse CVE-2023-47119 - Building a CVE POC from commits changes

Bypass captcha using OCR on Dolibarr login page

Android Applications Pentesting, Intentional Exercise from Hackerone platform

IoT Pentesting with Teltonika RUT9XX