{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T09:42:34.094","vulnerabilities":[{"cve":{"id":"CVE-2025-48062","sourceIdentifier":"security-advisories@github.com","published":"2025-06-09T13:15:23.320","lastModified":"2025-09-26T13:05:09.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML. This includes inviting someone (without an account) to a PM and inviting someone (without an account) to a topic with a custom message. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. This can be worked around if the relevant templates are overridden without `{topic_title}`."},{"lang":"es","value":"Discourse es una plataforma de discusión de código abierto. En versiones anteriores a la 3.4.4 de la rama `stable`, la 3.5.0.beta5 de la rama `beta` y la 3.5.0.beta6-dev de la rama `tests-passed`, ciertas invitaciones por correo electrónico podían provocar la inyección de HTML en el cuerpo del correo si el título del tema incluía HTML. Esto incluye invitar a alguien (sin cuenta) a un mensaje privado y a un tema con un mensaje personalizado. Este problema se ha corregido en las versiones 3.4.4 de la rama `stable`, la 3.5.0.beta5 de la rama `beta` y la 3.5.0.beta6-dev de la rama `tests-passed`. Esto se puede solucionar sobrescribiendo las plantillas correspondientes sin `{topic_title}`."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-116"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*","versionEndExcluding":"3.4.4","matchCriteriaId":"4B5F12D3-D031-4EF6-B122-2F062FEF67B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*","versionEndExcluding":"3.5.0","matchCriteriaId":"A0A6583A-A8AE-4C05-8947-79A0E4A73E1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.5.0:beta1:*:*:beta:*:*:*","matchCriteriaId":"66931995-F794-48F0-9DBB-9048B6C9D8DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.5.0:beta2:*:*:beta:*:*:*","matchCriteriaId":"B0461B93-273C-4305-80F9-C70A100B4DFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.5.0:beta3:*:*:beta:*:*:*","matchCriteriaId":"F1596D4E-FD8B-4443-AAAE-1D4AC6B1CE6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.5.0:beta4:*:*:beta:*:*:*","matchCriteriaId":"997761D0-A8A1-438F-83DE-5E9E4890CEED"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-x8mp-chx3-6x2p","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}