Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discourse discourse vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-32764
Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Pol...
Discourse Discourse
Discourse Discourse 2.8.0
312
VMScore
CVE-2021-43792
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who...
Discourse Discourse 2.8.0
Discourse Discourse
NA
CVE-2024-21655
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0...
Discourse Discourse 3.2.0
Discourse Discourse
NA
CVE-2022-36066
Discourse is an open source discussion platform. In versions before 2.8.9 on the `stable` branch and before 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger re...
Discourse Discourse 2.9.0
Discourse Discourse
NA
CVE-2022-46159
Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to ...
Discourse Discourse 2.9.0
Discourse Discourse
668
VMScore
CVE-2019-1020018
Discourse prior to 2.3.0 and 2.4.x prior to 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
Discourse Discourse
Discourse Discourse 2.4.0
383
VMScore
CVE-2021-41095
Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and previous versions of the `stable` branch, versions 2.8.0.beta6 and previous versions of the `beta` branch, and versions 2.8.0.beta6 and previous versions of ...
Discourse Discourse 2.8.0
Discourse Discourse
445
VMScore
CVE-2021-41271
Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta a...
Discourse Discourse
Discourse Discourse 2.8.0
445
VMScore
CVE-2022-24804
Discourse is an open source platform for community discussion. In stable versions before 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leake...
Discourse Discourse
Discourse Discourse 2.9.0
445
VMScore
CVE-2022-24824
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of...
Discourse Discourse
Discourse Discourse 2.9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »