discourse discourse vulnerabilities and exploits
NA
CVE-2023-44391
Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upg...
Discourse Discourse
Discourse Discourse 3.2.0
4.3
CVSSv2
CVE-2021-37633
Discourse is an open source discussion platform. In versions before 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patch...
Discourse Discourse 2.8.0
Discourse Discourse
5
CVSSv2
CVE-2021-37693
Discourse is an open-source platform for community discussion. In Discourse prior to 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additi...
Discourse Discourse 2.8.0
Discourse Discourse
4.3
CVSSv2
CVE-2021-37703
Discourse is an open-source platform for community discussion. In Discourse prior to 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed.
Discourse Discourse 2.8.0
Discourse Discourse
5
CVSSv2
CVE-2022-21677
Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and the group's members visibility set to public ...
Discourse Discourse 2.8.0
Discourse Discourse
NA
CVE-2022-39356
Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation. All users should upgrade to the latest ver...
Discourse Discourse 2.9.0
Discourse Discourse
NA
CVE-2022-39378
Discourse is a platform for community discussion. Under certain conditions, a user badge may have been awarded based on a user's activity in a topic with restricted access. Before this vulnerability was disclosed, the topic title of the topic associated with the user badge m...
Discourse Discourse 2.9.0
Discourse Discourse
NA
CVE-2022-39385
Discourse is an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this; it happens transparently in the background. This ...
Discourse Discourse 2.9.0
Discourse Discourse
NA
CVE-2022-39241
Discourse is a platform for community discussion. A malicious admin could use this vulnerability to perform port enumeration on the local host or other hosts on the internal network, as well as against hosts on the Internet. Latest `stable`, `beta`, and `test-passed` versions are...
Discourse Discourse 2.9.0
Discourse Discourse
NA
CVE-2022-39226
Discourse is an open source discussion platform. In versions before 2.8.9 on the `stable` branch and before 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which cause...
Discourse Discourse 2.9.0
Discourse Discourse