CVE-2024-52794

MEDIUM

Discourse < 3.3.2 - XSS

Title source: rule

Description

Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Exploits (1)

nomisec WRITEUP

by Beesco00 · poc

https://github.com/Beesco00/CVE-2024-52794-Discourse-Stored-XSS

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://github.com/discourse/discourse/security/advisories/GHSA-m3v4-v2rp-hfm9

Scores

CVSS v3 6.8

EPSS 0.0053

EPSS Percentile 67.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (3)

discourse/discourse 3.4.0 beta1 (3 CPE variants)

discourse/discourse < 3.3.2

discourse/discourse < 3.4.0

Published Dec 19, 2024

Tracked Since Feb 18, 2026