CVE-2025-46824 – Discourse Code Review Plugin Cross-Site Scripting (XSS)

May 7, 2025

CVE ID : CVE-2025-46824

Published : May 7, 2025, 6:15 p.m. | 1 hour, 20 minutes ago

Description : The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users’ browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin. As a workaround, one may disable the plugin.

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-20223 – Cisco Catalyst Center HTTP Request Access Control Bypass

Next Article CVE-2025-32820 – SMA100 Path Traversal Privilege Escalation Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

Bing Search APIs to be “decommissioned completely” as Microsoft urges developers to use its Azure agentic AI alternative

Microsoft might kill the Surface Laptop Studio as production is quietly halted

Minecraft licensing robbed us of this controversial NFL schedule release video

The power of generators

The power of generators

Simplify Factory Associations with Laravel’s UseFactory Attribute

This Week in Laravel: React Native, PhpStorm Junie, and more

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

Microsoft has closed its “Experience Center” store in Sydney, Australia — as it ramps up a continued digital growth campaign

Bing Search APIs to be “decommissioned completely” as Microsoft urges developers to use its Azure agentic AI alternative

Microsoft might kill the Surface Laptop Studio as production is quietly halted

CVE-2025-46824 – Discourse Code Review Plugin Cross-Site Scripting (XSS)

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4610 – WordPress WP-Members Membership Plugin Stored Cross-Site Scripting Vulnerability

One of the best tablets for entertainment I’ve tested is not an iPad Air or Samsung Galaxy Tab

Meet Height: An Autonomous Project Management Platform Leading the Next Wave of AI Tools

TikTok adds X-style community notes – here’s how you can apply

Call of Duty: World at War has just been quietly added to Microsoft Store

The best Mini ITX PC cases of 2025: Expert recommended

How Rocket Companies modernized their data science solution on AWS

The Future of Business Analysis Powered by Artificial Intelligence (AI) and Artificial Narrow Intelligence (ANI)

Ransomware Payments Decreased by 35% in 2024, Research Finds

CVE-2025-46824 – Discourse Code Review Plugin Cross-Site Scripting (XSS)

Related Posts