Discourse < 2.0.0 beta6 Stored XSS Vulnerability

Published: 2018-08-08 07:46:25

CVSS Base Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Detection Type:
Remote Banner

Solution Type:
Vendor Patch

Summary:
This host is running Discourse and is prone to a stored cross-site scripting (XSS) vulnerability.

Detection Method:
Checks if a vulnerable version is present on the target host.

Impact:
Successful exploitation would allow an attacker to steal cookies or passwords, or to run arbitrary code in the victim's browser.

Affected Versions:
Discourse before version 2.0.0 beta6.

Recommendations:
Update Discourse to version 2.0.0 beta6 or later.

References:

https://hackerone.com/reports/333507
https://github.com/discourse/discourse/commit/4fb41663b3c7071dc1ef7d92eb3e5a6516dfe3b5

Severity:
Medium

CVSS Score:
4.3
