{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T11:37:46.946","vulnerabilities":[{"cve":{"id":"CVE-2024-45303","sourceIdentifier":"security-advisories@github.com","published":"2024-09-12T19:15:03.793","lastModified":"2024-09-18T20:25:05.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. The issue is patched in version 0.5 of the Discourse Calendar plugin."},{"lang":"es","value":"El complemento Discourse Calendar agrega la capacidad de crear un calendario dinámico en la primera publicación de un tema en Discourse. La representación de los nombres de los eventos puede ser susceptible a ataques XSS. Esta vulnerabilidad solo afecta a los sitios que han modificado o deshabilitado la Política de seguridad de contenido predeterminada de Discourse. El problema se solucionó en la versión 0.5 del complemento Discourse Calendar."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:calendar:*:*:*:*:*:*:*:*","versionEndExcluding":"0.5","matchCriteriaId":"741740CC-9AFC-433C-A946-5163BCAA970F"}]}]}],"references":[{"url":"https://github.com/discourse/discourse-calendar/commit/81e1c8e3c4c02276fb890da7e3f684259aeb685c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/discourse/discourse-calendar/security/advisories/GHSA-rq37-8pf3-4xc8","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}