Impact
Tag descriptions, which can be updated by moderators, can be used for XSS attacks.
Patches
This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
Workarounds
This vulnerability can lead to a full XSS on sites which have modified or disabled Discourse’s default Content Security Policy.
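
Because the impact depends on whether a site still enforces a Content Security Policy, the following added example (not part of the original advisory and not Discourse code) audits a set of response headers for a policy that would still block an injected inline script. The function names, finding labels and sample headers are assumptions made for illustration; the rules are generic CSP semantics, not a description of Discourse's default policy.

```ruby
# Added example (not Discourse code). Finding names are hypothetical labels.
# script-src-elem and multiple comma-joined policies are not handled here.
INLINE_GUARDS = /\A'(nonce-|sha(256|384|512)-)/i
BROAD_SOURCES = %w[* http: https: data:].freeze

# Parse a policy string into { directive => [sources] }.
# The first occurrence of a directive wins; sources are lowercased for matching only.
def parse_csp(policy)
  policy.split(";").each_with_object({}) do |part, out|
    name, *sources = part.strip.split(/\s+/)
    next if name.nil?
    out[name.downcase] ||= sources.map(&:downcase)
  end
end

# Return a list of findings; an empty list means inline script injection
# would still be restricted by the enforced policy.
def audit_csp(headers)
  h = headers.transform_keys { |k| k.to_s.downcase }
  enforced = h["content-security-policy"].to_s.strip
  if enforced.empty?
    # A report-only policy logs violations but blocks nothing.
    return h.key?("content-security-policy-report-only") ? [:report_only] : [:csp_missing]
  end

  directives = parse_csp(enforced)
  sources = directives["script-src"] || directives["default-src"]
  return [:no_script_restriction] if sources.nil?

  findings = []
  strict_dynamic = sources.include?("'strict-dynamic'")
  # Browsers ignore 'unsafe-inline' when a nonce, hash or 'strict-dynamic' is present.
  guarded = strict_dynamic || sources.any? { |s| s.match?(INLINE_GUARDS) }
  findings << :unsafe_inline_effective if sources.include?("'unsafe-inline'") && !guarded
  # 'strict-dynamic' also makes browsers ignore host and scheme sources.
  findings << :broad_script_source if !strict_dynamic && (sources & BROAD_SOURCES).any?
  findings
end

# Constructed sample headers, not captured from any real site.
SAMPLES = [
  {},
  { "Content-Security-Policy-Report-Only" => "script-src 'self'" },
  { "Content-Security-Policy" => "script-src 'self' 'unsafe-inline' https:" },
  { "Content-Security-Policy" => "default-src 'self'; script-src 'self' 'nonce-r4nd0m'" }
].freeze

SAMPLES.each { |s| puts "#{s.inspect} => #{audit_csp(s).inspect}" } if __FILE__ == $PROGRAM_NAME
```
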