Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discourse discourse 2.6.0 vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2020-24327
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
Discourse Discourse 2.3.2
Discourse Discourse 2.6.0
5.4
CVSSv3
CVE-2023-37467
Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability exists could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. un...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
6.1
CVSSv3
CVE-2023-22455
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerabi...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
8.1
CVSSv3
CVE-2022-46177
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is sti...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
6.1
CVSSv3
CVE-2023-22454
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged use...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
5.3
CVSSv3
CVE-2023-22453
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username....
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
4.3
CVSSv3
CVE-2023-23622
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read ...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse
2.7
CVSSv3
CVE-2023-28440
Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where ad...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
Discourse Discourse
4.3
CVSSv3
CVE-2023-36466
Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, bet...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
Discourse Discourse
4.3
CVSSv3
CVE-2023-23616
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potenti...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »