cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-54142,https://securityvulnerability.io/vulnerability/CVE-2024-54142,HTML Entity Exposure in Discourse AI Plugin by Discourse,"The Discourse AI plugin introduces a vulnerability that could potentially expose HTML entities present in conversations when shared in posts. If a user visits a post featuring a onebox linked to a conversation, these HTML entities may inadvertently leak into the Discourse application. The issue has been mitigated in a recent commit, and users are strongly encouraged to update their installations. For those unable to update, it is recommended to modify the 'ai bot public sharing allowed groups' site setting to prevent such leakage.",Discourse,Discourse-ai,9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T23:15:00.000Z,0
CVE-2024-23654,https://securityvulnerability.io/vulnerability/CVE-2024-23654,Admin-Initiated SSRF Attacks Vulnerability in Discourse-AI Plugin,"The Discourse AI plugin for the Discourse platform has a vulnerability that allows unauthorized admin-initiated Server-Side Request Forgery (SSRF) attacks. This vulnerability arises from interactions with various AI services, exposing the system to potential exploitation. Versions of the plugin affected by this issue have been addressed in later commits, specifically after commit 94ba0dadc2cf38e8f81c3936974c167219878edd, which contains the necessary patch. For immediate remediation, users can temporarily disable the discourse-ai plugin.",discourse,discourse-ai,7.2,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2024-02-21T20:28:12.939Z,0