CVE-2024-52794

MEDIUM6.1EPSS 0.71%

Magnific lightbox susceptible to Cross-site Scripting in Discourse

Published: 12/23/2024Modified: 8/27/2025

Also known as:GHSA-m3v4-v2rp-hfm9BIT-discourse-2024-52794

Description

Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected packages (1)

Bitnami/discoursefrom 0, < 3.3.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (2)

WEBhttps://github.com/discourse/discourse/security/advisories/GHSA-m3v4-v2rp-hfm9
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-52794