discourse discourse 3.2.0 vulnerabilities and exploits
CVE-2024-23834
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1...
Discourse Discourse 3.2.0
Discourse Discourse
CVE-2023-49099
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.
Discourse Discourse 3.2.0
Discourse Discourse
CVE-2024-21655
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0...
Discourse Discourse 3.2.0
Discourse Discourse
CVE-2023-48297
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.
Discourse Discourse 3.2.0
Discourse Discourse
CVE-2023-47120
Discourse is an open source platform for community discussion. In versions 3.1.0 up to and including 3.1.2 of the `stable` branch and versions 3.1.0.beta6 up to and including 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site wi...
Discourse Discourse 3.1.0
Discourse Discourse 3.2.0
Discourse Discourse
CVE-2023-47121
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1...
Discourse Discourse 3.2.0
Discourse Discourse
CVE-2023-46130
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add SVGs with unlimited `height` attributes, and this can affect th...
Discourse Discourse 3.2.0
Discourse Discourse
CVE-2023-45806
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that ge...
Discourse Discourse 3.2.0
Discourse Discourse
CVE-2023-45816
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the...
Discourse Discourse 3.2.0
Discourse Discourse
CVE-2023-47119
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched ...
Discourse Discourse 3.2.0
Discourse Discourse