Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discourse discourse 2.6.0 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-24327
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
Discourse Discourse 2.3.2
Discourse Discourse 2.6.0
NA
CVE-2023-23622
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read ...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse
NA
CVE-2023-22453
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username....
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
NA
CVE-2023-22454
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged use...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
NA
CVE-2022-46177
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is sti...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
NA
CVE-2023-37467
Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability exists could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. un...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
NA
CVE-2023-22455
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerabi...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
NA
CVE-2023-37904
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` br...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
Discourse Discourse
NA
CVE-2023-36466
Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, bet...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
Discourse Discourse
NA
CVE-2023-37906
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
Discourse Discourse
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »