CVE-2024-47773

HIGH

Discourse - XSS

Title source: llm

Description

Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.

Exploits (2)

exploitdb - WORKING POC
by İbrahimsql · python · webapps · multiple
https://www.exploit-db.com/exploits/52358

nomisec - WORKING POC · 3 stars
by ibrahmsql · poc
https://github.com/ibrahmsql/CVE-2024-47773

Scores

CVSS v3: 8.2
EPSS: 0.0785
EPSS Percentile: 92.0%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Details

CWE: CWE-610
Status: published
Products (1): discourse/discourse < 3.3.2
Published: Oct 08, 2024
Tracked Since: Feb 18, 2026