{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T04:26:36.050","vulnerabilities":[{"cve":{"id":"CVE-2024-56328","sourceIdentifier":"security-advisories@github.com","published":"2025-02-04T21:15:27.400","lastModified":"2025-09-26T13:04:43.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP, disable inline Oneboxes globally, or allow specific domains for Oneboxing."},{"lang":"es","value":"Discourse es una plataforma de código abierto para debates comunitarios. Un atacante puede ejecutar código JavaScript arbitrario en los navegadores de los usuarios publicando una URL maliciosa de Onebox manipulado. Este problema solo afecta a los sitios con CSP deshabilitado. Este problema se ha corregido en la última versión de Discourse. Se recomienda a los usuarios que actualicen la versión. Los usuarios que no puedan actualizar la versión deben habilitar CSP, deshabilitar los Onebox en línea de forma global o permitir dominios específicos para Oneboxing."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*","versionEndExcluding":"3.3.3","matchCriteriaId":"033D6E30-2A4D-43D4-9178-0BA5A7C501B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*","versionEndExcluding":"3.4.0","matchCriteriaId":"B70F4653-EB23-49AB-AF71-C39E5B6D5E5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.4.0:beta1:*:*:beta:*:*:*","matchCriteriaId":"AF6D8860-8764-4EEF-9FDD-89FF932791A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.4.0:beta2:*:*:beta:*:*:*","matchCriteriaId":"6A7FC47A-8C19-4E39-B0CF-ADA835A02A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.4.0:beta3:*:*:beta:*:*:*","matchCriteriaId":"8802773F-8216-4F0F-9F58-89056BFBE8B8"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-j855-mhxj-x6vg","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}}]}