CVE-2022-46162
Discourse BBCode plugin vulnerable to arbitrary CSS injection
In short
The Discourse BBCode plugin fails to properly sanitize CSS in user-generated content, allowing attackers to inject malicious styles that can deface pages, steal information, or redirect users. This only affects sites with the plugin installed.
Technical detail
The vulnerability exists in CSS rendering within the discourse-bbcode plugin, allowing arbitrary CSS injection via BBCode content. An authenticated attacker can inject malicious stylesheets through crafted BBCode markup, potentially exfiltrating data via CSS selectors or causing denial of service. The issue is resolved in commit 91478f5.
Summary generated and translated by AI from the official description.
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patched in commit 91478f5. As a workaround, ensure that the Content Security Policy is enabled and monitor any posts that contain bbcode.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
discourse · discourse-bbcodeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →