COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-53963

CVE-2026-53963

Severity
high
Source
NVD · cve
Published
2026-07-09
CVSS
7.3
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-53963
shame 25/100

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator imp

Players implicated

discourse · vendordiscourse · product

Description

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that account. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.