Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds.
We have discovered 1,186 live websites that are affected by CVE-2023-26040.
Product | |
Category | Message Boards |
Vulnerable Domains | 1,186 live websites (22.70% of Discourse install base) |
Vulnerable Versions | |
Vulnerable Versions Count | 78 versions (82.11% of all versions) |
![]() | 810 websites |
![]() | 100 websites |
![]() | 55 websites |
![]() | 35 websites |
![]() | 26 websites |
![]() | 18 websites |
![]() | 11 websites |
![]() | 11 websites |
![]() | 10 websites |
.com | 497 websites |
.org | 193 websites |
.io | 59 websites |
.net | 51 websites |
.de | 25 websites |
.fr | 15 websites |
.co | 14 websites |
.eu | 12 websites |
.ru | 12 websites |
.com.br | 10 websites |
Domain | Country | Rank | Contacts |
---|---|---|---|
*********.***.com | ![]() | *,*** | |
*********.*******.org | ![]() | **,*** | |
******.********.com | ![]() | **,*** | |
*********.***************.com | ![]() | **,*** | |
*********.**********.de | ![]() | ***,*** | |
*********.*********.com | | ***,*** | |
*********.**********.io | ![]() | ***,*** | |
***.***********.org | ![]() | ***,*** | |
*****.******.com | ![]() | ***,*** | |
***********.net | ![]() | ***,*** |