Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discourse discourse 2.8.0 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-43793
Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse
Discourse Discourse 2.8.0
Discourse Discourse
5.4
CVSSv3
CVE-2021-32764
Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Pol...
Discourse Discourse
Discourse Discourse 2.8.0
6.1
CVSSv3
CVE-2021-41095
Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and previous versions of the `stable` branch, versions 2.8.0.beta6 and previous versions of the `beta` branch, and versions 2.8.0.beta6 and previous versions of ...
Discourse Discourse 2.8.0
Discourse Discourse
5.3
CVSSv3
CVE-2021-41271
Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta a...
Discourse Discourse
Discourse Discourse 2.8.0
6.1
CVSSv3
CVE-2021-37633
Discourse is an open source discussion platform. In versions before 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patch...
Discourse Discourse
Discourse Discourse 2.8.0
7.5
CVSSv3
CVE-2021-37693
Discourse is an open-source platform for community discussion. In Discourse prior to 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additi...
Discourse Discourse
Discourse Discourse 2.8.0
4.3
CVSSv3
CVE-2021-37703
Discourse is an open-source platform for community discussion. In Discourse prior to 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed.
Discourse Discourse
Discourse Discourse 2.8.0
6.8
CVSSv3
CVE-2021-43850
Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums ar...
Discourse Discourse
Discourse Discourse 2.8.0
9.8
CVSSv3
CVE-2021-41163
Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed...
Discourse Discourse 2.8.0
Discourse Discourse
4.3
CVSSv3
CVE-2021-43792
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who...
Discourse Discourse 2.8.0
Discourse Discourse
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »