Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discourse discourse vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-39226
Discourse is an open source discussion platform. In versions before 2.8.9 on the `stable` branch and before 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which cause...
Discourse Discourse 2.9.0
Discourse Discourse
NA
CVE-2023-29196
Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and the attacker’s payload must pass the CSP to be executed. However, if an atta...
Discourse Discourse 3.1.0
Discourse Discourse
4.3
CVSSv2
CVE-2021-37633
Discourse is an open source discussion platform. In versions before 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patch...
Discourse Discourse
Discourse Discourse 2.8.0
NA
CVE-2023-43814
Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts ...
Discourse Discourse
Discourse Discourse 3.2.0
NA
CVE-2023-44388
Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. I...
Discourse Discourse
Discourse Discourse 3.2.0
NA
CVE-2023-44391
Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upg...
Discourse Discourse
Discourse Discourse 3.2.0
NA
CVE-2023-47121
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1...
Discourse Discourse 3.2.0
Discourse Discourse
NA
CVE-2023-28107
Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB....
Discourse Discourse 3.1.0
Discourse Discourse
NA
CVE-2023-28111
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The...
Discourse Discourse 3.1.0
Discourse Discourse
NA
CVE-2023-28112
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable malicious users to trigger outbound netwo...
Discourse Discourse 3.1.0
Discourse Discourse
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »