Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discourse discourse 2.7.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-3138
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
Discourse Discourse
Discourse Discourse 2.7.0
3 Github repositories
5.4
CVSSv3
CVE-2023-37467
Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability exists could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. un...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
4.3
CVSSv3
CVE-2023-23622
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read ...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse
5.3
CVSSv3
CVE-2023-22453
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the `/u/username....
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
6.1
CVSSv3
CVE-2023-22455
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerabi...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
8.1
CVSSv3
CVE-2022-46177
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is sti...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
6.1
CVSSv3
CVE-2023-22454
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged use...
Discourse Discourse
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
7.5
CVSSv3
CVE-2023-38684
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
Discourse Discourse
4.3
CVSSv3
CVE-2023-38685
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in ve...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
Discourse Discourse
4.3
CVSSv3
CVE-2023-36466
Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, bet...
Discourse Discourse 1.1.0
Discourse Discourse 1.2.0
Discourse Discourse 1.3.0
Discourse Discourse 1.4.0
Discourse Discourse 1.5.0
Discourse Discourse 1.6.0
Discourse Discourse 1.7.0
Discourse Discourse 1.8.0
Discourse Discourse 1.9.0
Discourse Discourse 2.0.0
Discourse Discourse 2.1.0
Discourse Discourse 2.2.0
Discourse Discourse 2.3.0
Discourse Discourse 2.4.0
Discourse Discourse 2.5.0
Discourse Discourse 2.6.0
Discourse Discourse 2.7.0
Discourse Discourse 2.8.0
Discourse Discourse 2.9.0
Discourse Discourse 3.0.0
Discourse Discourse 3.1.0
Discourse Discourse
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »