What is the vulnerability ID for this Discourse Calendar vulnerability?

The vulnerability ID for this Discourse Calendar vulnerability is CVE-2022-31059.

What is the severity level of CVE-2022-31059?

The severity level of CVE-2022-31059 is medium (5.4).

How does CVE-2022-31059 impact Discourse Calendar?

CVE-2022-31059 impacts Discourse Calendar by making the parsing and rendering of event names susceptible to cross-site scripting (XSS) attacks.

Which versions of Discourse Calendar are affected by CVE-2022-31059?

Versions prior to 1.0.1 of Discourse Calendar are affected by CVE-2022-31059.

How can I fix CVE-2022-31059 in Discourse Calendar?

To fix CVE-2022-31059 in Discourse Calendar, it is recommended to update to version 1.0.1 or later of the plugin.

Vulnerability/
CVE-2022-31059

medium

6.5

CWE

14/6/2022

3/8/2024

CVE-2022-31059: Discourse Calendar Event names susceptible to Cross-site Scripting

First published: Tue Jun 14 2022(Updated: )

Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in version 1.0.1 of the Discourse Calendar plugin. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Discourse Discourse Calendar	<1.0.1

Remedy

https://github.com/discourse/discourse-calendar/commit/2719b9e81994e961bf8c4e12b4556dc9777dd62f

Remedy

https://github.com/discourse/discourse-calendar/pull/280

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this Discourse Calendar vulnerability?
The vulnerability ID for this Discourse Calendar vulnerability is CVE-2022-31059.
What is the severity level of CVE-2022-31059?
The severity level of CVE-2022-31059 is medium (5.4).
How does CVE-2022-31059 impact Discourse Calendar?
CVE-2022-31059 impacts Discourse Calendar by making the parsing and rendering of event names susceptible to cross-site scripting (XSS) attacks.
Which versions of Discourse Calendar are affected by CVE-2022-31059?
Versions prior to 1.0.1 of Discourse Calendar are affected by CVE-2022-31059.
How can I fix CVE-2022-31059 in Discourse Calendar?
To fix CVE-2022-31059 in Discourse Calendar, it is recommended to update to version 1.0.1 or later of the plugin.

collector/nvd-index
agent/type
agent/remedy
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/author
agent/weakness
agent/severity
agent/last-modified-date
agent/tags
agent/title
agent/description
agent/event
agent/first-publish-date
vendor/discourse
canonical/discourse discourse calendar

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.