CVE Catalog

CVE-2023-36466

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

26th percentile — higher than 26% of all known CVEs

Summary

Discourse is an open source discussion platform that has a vulnerability allowing users to bypass topic title validations when editing topics. The issues involve title length, number of emojis in the title, and blank topic titles.

Risk Assessment

Bypassing title validations may lead to the introduction of inappropriate or malicious content, which can affect the platform's reputation and user experience.

Recommendation

It is recommended to update Discourse to the latest stable version to patch this vulnerability.

Original NVD description (English source)

Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS