Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
discourse discourse 3.1.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-30538
Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed...
Discourse Discourse 3.1.0
Discourse Discourse
NA
CVE-2023-28112
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network...
Discourse Discourse 3.1.0
Discourse Discourse
NA
CVE-2023-29196
Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an...
Discourse Discourse 3.1.0
Discourse Discourse
NA
CVE-2023-25819
Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of...
Discourse Discourse 3.1.0
Discourse Discourse
NA
CVE-2023-25167
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised...
Discourse Discourse
Discourse Discourse 3.1.0
NA
CVE-2023-28107
Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the...
Discourse Discourse 3.1.0
Discourse Discourse
NA
CVE-2023-26040
Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version...
Discourse Discourse 3.1.0
NA
CVE-2023-23616
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
1 Github repository available
NA
CVE-2023-23620
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
1 Github repository available
NA
CVE-2023-28111
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address....
Discourse Discourse 3.1.0
Discourse Discourse
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3079
CVE-2021-4376
CVE-2020-36716
firewall
dos
CVE-2023-32784
CVE-2021-4344
camera
CVE-2021-4356
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »
Vulmon