CVE-2024-52794
Magnific lightbox susceptible to Cross-site Scripting in Discourse
CVSS 3.1: 6.1 (MEDIUM)
EPSS: 0.71%
Description
Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
How to fix CVE-2024-52794
To remediate CVE-2024-52794, upgrade the affected package to a fixed version below.
- Upgrade to 3.3.3 or later
Is CVE-2024-52794 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.3.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |