CVE-2023-47119
Description
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable
branch and version 3.2.0.beta3 of the beta
and tests-passed
branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the stable
branch and version 3.2.0.beta3 of the beta
and tests-passed
branches. There are no known workarounds.
NVD
Severity: MEDIUM
CVE ID: CVE-2023-47119
CVSS Score: 6.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
GitHub, Inc.
Severity: MEDIUM
CVE ID: CVE-2023-47119
CVSS Score: 5.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Proof Of Concept
BaadMaro
A POC for CVE-2023-47119
Refrence: GitHub
Cristiano100
Refrence: GitHub