cvedb.io
CVE-2022-46162
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2022-11-30T23:15:10.673 · Last modified 2026-06-17T05:11:20.207

Summary

discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patched in commit 91478f5. As a workaround, ensure that the Content Security Policy is enabled and monitor any posts that contain BBCode.

Affected products

discourse — discourse_bbcode

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.