cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-43657,https://securityvulnerability.io/vulnerability/CVE-2023-43657,Improper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration,"The discourse-encrypt plugin for Discourse has a defect related to improper escaping of encrypted topic titles. This issue can result in a cross site scripting (XSS) vulnerability when the site's Content Security Policy (CSP) headers are not enabled. Although this scenario occurs under a non-default condition, the presence of CSP headers is crucial for reducing risk. To address this vulnerability, users are encouraged to update the discourse-encrypt plugin to the latest version as indicated in commit `9c75810af9`. For users unable to perform the update, enabling and appropriately configuring CSP headers is strongly recommended.",Discourse,Discourse-encrypt,7.2,HIGH,0.0007900000200606883,false,,false,false,false,,,false,false,,2023-09-28T19:15:00.000Z,0