Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discourse discourse 3.1.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-47120
Discourse is an open source platform for community discussion. In versions 3.1.0 up to and including 3.1.2 of the `stable` branch and versions 3.1.0,beta6 up to and including 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site wi...
Discourse Discourse 3.1.0
Discourse Discourse 3.2.0
Discourse Discourse
6.1
CVSSv3
CVE-2023-29196
Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an atta...
Discourse Discourse 3.1.0
Discourse Discourse
5.3
CVSSv3
CVE-2023-32061
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an malicious user to exploit the vulnerability and hide s...
Discourse Discourse 3.1.0
Discourse Discourse
5.4
CVSSv3
CVE-2023-30538
Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed ver...
Discourse Discourse 3.1.0
Discourse Discourse
4.9
CVSSv3
CVE-2023-30606
Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and `#notify_changed!`, which when done on a multisite instance, can affect the ent...
Discourse Discourse 3.1.0
Discourse Discourse
5.3
CVSSv3
CVE-2023-34250
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created (but not the a...
Discourse Discourse 3.1.0
Discourse Discourse
5.7
CVSSv3
CVE-2023-25167
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to...
Discourse Discourse
Discourse Discourse 3.1.0
5.4
CVSSv3
CVE-2023-25172
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user's full name field to to carry out cross-site scripting attack...
Discourse Discourse 3.1.0
Discourse Discourse
5.3
CVSSv3
CVE-2023-31142
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patche...
Discourse Discourse 3.1.0
Discourse Discourse
6.5
CVSSv3
CVE-2023-22739
Discourse is an open source platform for community discussion. Versions before 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious us...
Discourse Discourse
Discourse Discourse 3.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »