Discourse Code Review
Approved changes feed: RSS · Atom
cpe:2.3:a:discourse:discourse-code-review:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Discourse (2d3c125b-857a-5933-b846-ed7f9d5e0225) |
|---|---|
| Product | Discourse Code Review (46c65319-78c6-54c8-87a6-2c9cbfe41adb) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-46824 |
vulnerable | 2026-06-03 15:01:28.109785 |
Discourse Code Review Plugin vulnerable to XSS via auto link commits
LOW (3.1)
The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin. As a workaround, one may disable the plugin.
Published: 2025-05-07T17:37:56.214Z
Updated: 2025-08-20T19:46:09.955Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.