CVE-2025-46824 – Discourse Code Review Plugin Cross-Site Scripting (XSS)

May 7, 2025

CVE ID : CVE-2025-46824

Published : May 7, 2025, 6:15 p.m. | 1 hour, 20 minutes ago

Description : The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users’ browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin. As a workaround, one may disable the plugin.

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-20223 – Cisco Catalyst Center HTTP Request Access Control Bypass

Next Article CVE-2025-32820 – SMA100 Path Traversal Privilege Escalation Vulnerability

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

Best early Prime Day Nintendo Switch deals: My 17 favorite sales live now

How I use VirtualBox to run any OS on my Mac – including Linux

Apple will give you a free pair of AirPods when you buy a MacBook or iPad for school – here’s who’s eligible

How Apple’s biggest potential acquisition ever could perplex AI rivals like Google

Music Streaming Platform using PHP and MySQL

Music Streaming Platform using PHP and MySQL

Solutions That Benefit Everyone – Why Inclusive Design Matters for All

Reducing Barriers Across Industries Through Inclusive Design

Windows 11 Installation Assistant Download: 2025 Guide

Windows 11 Installation Assistant Download: 2025 Guide

Didn’t Receive Gears of War: Reloaded Code? Explainer

Fix Vibrant Visuals Greyed Out in Minecraft Bedrock

CVE-2025-46824 – Discourse Code Review Plugin Cross-Site Scripting (XSS)

Typhoon-like gang slinging TLS certificate ‘signed’ by the Los Angeles Police Department

Wedding Invitation Scam: SpyMax RAT Targets Indian WhatsApp Users, Stealing OTPs & Banking Credentials

CVE-2025-20202 – Cisco IOS XE Wireless Controller Software CDP Neighbor Report Denial of Service Vulnerability

CVE-2025-5799 – Tenda AC8 Stack-Based Buffer Overflow Vulnerability

CVE-2023-53136 – Linux af_unix Struct PID Leak Vulnerability

CVE-2025-47754 – V-SFT EditData Out-of-Bounds Read Vulnerability

How to Use a Foreign Key in Django

How to configure JMeter to dynamically read data from one of multiple CSV files based on load distribution?

CVE-2025-4217 – WordPress YouTube Video Optimizer Stored Cross-Site Scripting

Elden Ring Nightreign: How to unlock the Revenant

CVE-2025-46824 – Discourse Code Review Plugin Cross-Site Scripting (XSS)

Related Posts