CVE-2023-32061

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jun 13, 2023

Updated: Jun 23, 2023

CWE ID 863

Summary

CVE-2023-32061 is a vulnerability affecting Discourse, an open-source discussion platform. Prior to versions 3.0.4 of the stable branch and 3.1.0.beta5 of the beta and tests-passed branches, the platform did not impose restrictions on the iFrame tag. This oversight allowed attackers to conceal subsequent comments from other users, creating a potential security risk. No known workarounds exist, and users are advised to update to the patched versions, which are 3.0.4 for the stable branch and 3.1.0.beta5 for the beta and tests-passed branches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Discourse

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/roSfSl
https://www.cve.org/CVERecord?id=CVE-2023-32061
https://nvd.nist.gov/vuln/detail/CVE-2023-32061

Back to Vulnerability Database

CVE-2023-32061

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations