CVE-2021-39161

4.4 MEDIUM

Discourse is an open source platform for community discussion

Published: 2021-08-26 · Last updated: 2026-06-17

Severity and scoring

CVSS: 4.4 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-79

Affected products

Vendor: discourse
Product: discourse

Description

Discourse is an open source platform for community discussion. In affected versions, category names can be used for cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content Security Policy, and this vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy and have allowed moderators to modify categories. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to ensure that the Content Security Policy is enabled and has not been modified in a way which would make it more vulnerable to XSS attacks.

Source: NVD

Related CVEs

Same vendor

  • CVE-2026-34154 Discourse is an open-source discussion platform (5.3 MEDIUM)
  • CVE-2026-33514 Discourse is an open-source discussion platform (4.3 MEDIUM)
  • CVE-2026-32244 Discourse is an open-source discussion platform (5.3 MEDIUM)
  • CVE-2021-41163 Discourse is an open source platform for community discussion (10.0 CRITICAL)
  • CVE-2021-41140 Discourse-reactions is a plugin for the Discourse platform that allows users to add their reactions to the post (5.3 MEDIUM)

Same CWE

  • CVE-2026-12425 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access ...
  • CVE-2024-30476 PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager (5.4 MEDIUM)
  • CVE-2026-54198 Unauthenticated Cross Site Scripting (XSS) in Media Library Assistant <= 3.35 versions (7.1 HIGH)
  • CVE-2026-54191 Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions (7.1 HIGH)
  • CVE-2026-39437 Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions (7.1 HIGH)