Vulnerability Database

308,926

Total vulnerabilities in the database

CVE-2025-58054

Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles via the quote message functionality when using the rich text editor. This issue is fixed in version 3.5.1.

Published: Oct 1, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-58054
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.5
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

CWEs:

CWE-80

Affected Software
References

Software	From	Fixed in
discourse / discourse	-	3.5.0
discourse / discourse	-	3.6.0
discourse / discourse	3.6.0-beta1	3.6.0-beta1.x

https://github.com/discourse/discourse/commit/3a224fd546d894ee408e7414b6879e814a792f91
https://github.com/discourse/discourse/security/advisories/GHSA-7p47-8m82-m2vf

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo