CVE-2024-52794

Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/discourse/discourse/security/advisories/GHSA-m3v4-v2rp-hfm9	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:discourse:discourse:::::stable:::*
	cpe:2.3:a:discourse:discourse:::::beta:::*
	cpe:2.3:a:discourse:discourse:3.4.0:beta1:::beta:::*
	cpe:2.3:a:discourse:discourse:3.4.0:beta2:::beta:::*
	cpe:2.3:a:discourse:discourse:3.4.0:beta3:::beta:::*

History

26 Aug 2025, 02:14

Type	Values Removed	Values Added
CPE		cpe:2.3:a:discourse:discourse:3.4.0:beta2:::beta:::* cpe:2.3:a:discourse:discourse:3.4.0:beta1:::beta:::* cpe:2.3:a:discourse:discourse:3.4.0:beta3:::beta:::* cpe:2.3:a:discourse:discourse:::::stable:::* cpe:2.3:a:discourse:discourse:::::beta:::*
References	~~() https://github.com/discourse/discourse/security/advisories/GHSA-m3v4-v2rp-hfm9 -~~	() https://github.com/discourse/discourse/security/advisories/GHSA-m3v4-v2rp-hfm9 - Vendor Advisory
First Time		Discourse discourse Discourse

19 Dec 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-19 20:15

Updated : 2025-08-26 02:14

NVD link : CVE-2024-52794

Mitre link : CVE-2024-52794

CVE.ORG link : CVE-2024-52794

JSON object : View

Products Affected

discourse

discourse

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-52794", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-12-19T20:15:07.513", "references": [{"url": "https://github.com/discourse/discourse/security/advisories/GHSA-m3v4-v2rp-hfm9", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Discourse es una plataforma de c\u00f3digo abierto para debates comunitarios. Los usuarios que hagan clic en las miniaturas de la caja de luz podr\u00edan verse afectados. Este problema est\u00e1 corregido en la \u00faltima versi\u00f3n de Discourse. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds para esta vulnerabilidad."}], "lastModified": "2025-08-26T02:14:59.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*", "vulnerable": true, "matchCriteriaId": "16A670AB-8B0F-4866-9592-0B463C93175C", "versionEndExcluding": "3.3.2"}, {"criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*", "vulnerable": true, "matchCriteriaId": "B70F4653-EB23-49AB-AF71-C39E5B6D5E5F", "versionEndExcluding": "3.4.0"}, {"criteria": "cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*", "vulnerable": true, "matchCriteriaId": "AF6D8860-8764-4EEF-9FDD-89FF932791A7"}, {"criteria": "cpe:2.3:a:discourse:discourse:3.4.0:beta2:*:*:beta:*:*:*", "vulnerable": true, "matchCriteriaId": "6A7FC47A-8C19-4E39-B0CF-ADA835A02A9B"}, {"criteria": "cpe:2.3:a:discourse:discourse:3.4.0:beta3:*:*:beta:*:*:*", "vulnerable": true, "matchCriteriaId": "8802773F-8216-4F0F-9F58-89056BFBE8B8"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}