ByteOS Network

NVD Vulnerability Details :

CVE-2025-22602

Analyzed

Source-security-advisories@github.com

Published At-04 Feb, 2025 | 21:15

Updated At-26 Aug, 2025 | 16:11

Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-694p-c5m3	security-advisories@github.com	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History