← back
CVE-2024-52794

Magnific lightbox susceptible to Cross-site Scripting in Discourse

CVSS 6.8 MEDIUMEPSS 0.3%CWE-79
Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
Affected products
discourse · discourse

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/discourse/discourse/security/advisories/GHSA-m3v4-v2rp-hfm9