CSS injection can occur when rendering content generated with the discourse-bccode plugin.
This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled.
Patches
This issue is patched in the latest version of the discourse-bbcode plugin.
Workarounds
Ensure that the Content Security Policy is enabled. Monitor any posts that contain bbcode.
Severity
Moderate
CVE ID
CVE-2022-46162
Weaknesses
No CWEs
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.
Impact
CSS injection can occur when rendering content generated with the discourse-bccode plugin.
This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled.
Patches
This issue is patched in the latest version of the discourse-bbcode plugin.
Workarounds
Ensure that the Content Security Policy is enabled. Monitor any posts that contain bbcode.