{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T11:21:00.106","vulnerabilities":[{"cve":{"id":"CVE-2024-35234","sourceIdentifier":"security-advisories@github.com","published":"2024-07-03T19:15:04.123","lastModified":"2024-11-21T09:19:59.373","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only affects sites with Content Security Polic (CSP) disabled. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. As a workaround, ensure CSP is enabled on the forum."},{"lang":"es","value":"Discourse es una plataforma de discusión de código abierto. Antes de la versión 3.2.3 en la rama \"estable\" y la versión 3.3.0.beta3 en la rama \"pruebas aprobadas\", un atacante podía ejecutar JavaScript arbitrario en los navegadores de los usuarios publicando una URL específica que contenía metaetiquetas creadas con fines malintencionados. Este problema solo afecta a sitios con la Política de seguridad de contenido (CSP) deshabilitada. El problema se solucionó en la versión 3.2.3 en la rama \"estable\" y en la versión 3.3.0.beta3 en la rama \"pruebas aprobadas\". Como workaround, asegúrese de que CSP esté habilitado en el foro."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*","versionEndExcluding":"3.2.3","matchCriteriaId":"8F15A89F-6283-4B24-801E-E415FF5A4272"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*","versionEndExcluding":"3.3.0","matchCriteriaId":"4EBDB0A9-6C68-4FC5-81CD-5E1B042DD60C"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.3.0:beta1:*:*:beta:*:*:*","matchCriteriaId":"4FE1C6B5-D21B-46CC-A889-EECE10A7130A"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.3.0:beta2:*:*:beta:*:*:*","matchCriteriaId":"51C031F6-729E-4560-B33D-382177F2DB7D"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-5chg-hm8c-wc58","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/discourse/discourse/commit/26aef0c288839378b9de5819e96eac8cf4ea60fd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/commit/311b737c910cf0a69f61e1b8bc0b78374b6619d2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-5chg-hm8c-wc58","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}