{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T21:31:45.420","vulnerabilities":[{"cve":{"id":"CVE-2025-48954","sourceIdentifier":"security-advisories@github.com","published":"2025-06-25T14:15:24.777","lastModified":"2025-09-25T20:27:53.497","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled."},{"lang":"es","value":"Discourse es una plataforma de discusión de código abierto. Las versiones anteriores a la 3.5.0.beta6 son vulnerables a ataques de cross-site scripting cuando la política de seguridad de contenido no está habilitada al usar inicios de sesión con redes sociales. La versión 3.5.0.beta6 soluciona el problema. Como solución alternativa, active la política de seguridad de contenido."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:*:*:*:*:beta:*:*:*","versionEndExcluding":"3.5.0","matchCriteriaId":"A0A6583A-A8AE-4C05-8947-79A0E4A73E1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.5.0:beta1:*:*:beta:*:*:*","matchCriteriaId":"66931995-F794-48F0-9DBB-9048B6C9D8DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.5.0:beta2:*:*:beta:*:*:*","matchCriteriaId":"B0461B93-273C-4305-80F9-C70A100B4DFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.5.0:beta3:*:*:beta:*:*:*","matchCriteriaId":"F1596D4E-FD8B-4443-AAAE-1D4AC6B1CE6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.5.0:beta4:*:*:beta:*:*:*","matchCriteriaId":"997761D0-A8A1-438F-83DE-5E9E4890CEED"},{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse:3.5.0:beta5:*:*:beta:*:*:*","matchCriteriaId":"685B6537-929A-4DC9-8984-E114C5CB6E77"}]}]}],"references":[{"url":"https://github.com/discourse/discourse/security/advisories/GHSA-26p5-mjjh-wfcf","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}