CVE-2025-48954 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't ena…
High CVSS: 8.1

CVE-2025-48954

Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled.
Vendor
Discourse
Product
Discourse
CWE
CWE-79
Yayın Tarihi
2025-06-25 14:15:24
Güncelleme
2025-09-25 20:27:53
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-79 Discourse HIGH Discourse 2025

Referanslar

https://github.com/discourse/discourse/security/advisories/GHSA-26p5-mjjh-wfcf