CVE-2024-45303 — MEDIUM (6.1)

Q: How severe is CVE-2024-45303?

CVE-2024-45303 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-45303?

Check the references section above for vendor advisories and patch information. Affected products include: Discourse Calendar.

Vulnerability Description

Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. The issue is patched in version 0.5 of the Discourse Calendar plugin.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Discourse	Calendar	< 0.5

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2024-45303?

CVE-2024-45303 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affe...

How severe is CVE-2024-45303?

CVE-2024-45303 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-45303?

Check the references section above for vendor advisories and patch information. Affected products include: Discourse Calendar.