CVE-2025-46824 – Discourse Code Review Plugin Cross-Site Scripting (XSS)

May 7, 2025

CVE ID : CVE-2025-46824

Published : May 7, 2025, 6:15 p.m. | 1 hour, 20 minutes ago

Description : The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users’ browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin. As a workaround, one may disable the plugin.

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-20223 – Cisco Catalyst Center HTTP Request Access Control Bypass

Next Article CVE-2025-32820 – SMA100 Path Traversal Privilege Escalation Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Your password manager is under attack, and this new threat makes it worse: How to defend yourself

EcoFlow’s new backyard solar energy system starts at $599 – no installation crews or permits needed

Why Sonos’ cheapest smart speaker is one of my favorites – even a year after its release

7 productivity gadgets I can’t live without (and why they make such a big difference)

Tap into Your PHP Potential with Free Projects at PHPGurukul

Tap into Your PHP Potential with Free Projects at PHPGurukul

Preparing for AI? Here’s How PIM Gets Your Data in Shape

A Closer Look at the AI Assistant of Oracle Analytics

kew v3.2.0 improves internet radio support and more

kew v3.2.0 improves internet radio support and more

GNOME Replace Totem Video Player with Showtime

Placemark is a web-based tool for geospatial data

CVE-2025-46824 – Discourse Code Review Plugin Cross-Site Scripting (XSS)

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2024-13962 – Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability

Artificial Intelligence – What’s all the fuss?

I always turn off this default TV setting when watching movies – here’s why you should, too

Australian Businesses at Risk as Threat Actors Exploit Fortinet Vulnerabilities

Can you still get a Windows 10 upgrade for free in 2025? Short answer: Maybe

Adobe Invites You to Preview the Export and Import Form Data API

What is Dataset Distillation Learning? A Comprehensive Overview

SQLite Studio is a SQLite Database Explorer

Unable to launch Citrix application through JMeter

CVE-2025-46824 – Discourse Code Review Plugin Cross-Site Scripting (XSS)

Related Posts