CVE-2026-27154 | Discourse up to 2025.12.1/2026.1.0 cross site scripting (GHSA-xv43-5gcp-wgw8)

Inserito da Angelo Barbosa | Feb 27, 2026 | CVE

A vulnerability identified as problematic has been detected in Discourse up to 2025.12.1/2026.1.0. Impacted is an unknown function. This manipulation causes cross site scripting.

This vulnerability appears as CVE-2026-27154. The attack may be initiated remotely. There is no available exploit.

You should upgrade the affected component.

CVE-2026-27154 | Discourse up to 2025.12.1/2026.1.0 cross site scripting (GHSA-xv43-5gcp-wgw8)

Post correlati

CVE-2024-27097 | ckan Reset User Endpoint neutralization for logs

CVE-2025-48301 | YayCommerce SMTP for SendGrid Plugin up to 1.5 on WordPress sql injection

CVE-2025-30147 | hyperledger besu-native up to 1.2.x missing cryptographic step (GHSA-jcp8-gh74-97hq)

CVE-2024-51060 | Project Worlds Online Admission System 1.0 index.php a_id sql injection