Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discourse discourse vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-30538
Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed ver...
Discourse Discourse 3.1.0
Discourse Discourse
4.3
CVSSv3
CVE-2022-46159
Discourse is an open-source discussion platform. In version 2.8.13 and prior on the `stable` branch and version 2.9.0.beta14 and prior on the `beta` and `tests-passed` branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to ...
Discourse Discourse 2.9.0
Discourse Discourse
5.7
CVSSv3
CVE-2022-31096
Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is a...
Discourse Discourse 2.9.0
Discourse Discourse
6.1
CVSSv3
CVE-2024-23834
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1...
Discourse Discourse 3.2.0
Discourse Discourse
5.3
CVSSv3
CVE-2022-24824
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of...
Discourse Discourse
Discourse Discourse 2.9.0
4.3
CVSSv3
CVE-2024-21655
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched 3.1.4 and 3.2.0...
Discourse Discourse 3.2.0
Discourse Discourse
8.1
CVSSv3
CVE-2023-28112
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable malicious users to trigger outbound netwo...
Discourse Discourse 3.1.0
Discourse Discourse
5.4
CVSSv3
CVE-2023-25172
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user's full name field to to carry out cross-site scripting attack...
Discourse Discourse 3.1.0
Discourse Discourse
7.5
CVSSv3
CVE-2022-31184
Discourse is the an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upg...
Discourse Discourse 2.9.0
Discourse Discourse
4.3
CVSSv3
CVE-2021-43792
Discourse is an open source discussion platform. In affected versions a vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature. A tag group may only allow a certain group (e.g. staff) to view certain tags. Users who...
Discourse Discourse 2.8.0
Discourse Discourse
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »