Vendor: Discourse
Affected product: Discourse
Affected versions: stable < 3.1.3; beta/tests-passed < 3.2.0.beta3
Vulnerability type: CWE-79: Cross-Site Scripting
Description: Some links can inject arbitrary HTML tags when rendered through our Onebox engine.
Status: fixed in stable >= 3.1.3; beta/tests-passed >= 3.2.0.beta3
Reporter: Justin Gardner, Soma Ono (Rakuten Group, Inc.), So Sakaguchi (GMO Cybersecurity by Ierae, Inc.)