Filter
Software
discourse discourse
120
discourse discourse calendar
3
discourse discourse-chat
3
discourse calendar
2
discourse discourse reactions
2
discourse assign
1
discourse discotoc
1
discourse discourse bbcode
1
discourse discourse footnote
1
discourse discourse jira
1
discourse discourse yearly review
1
discourse discourse-encrypt
1
discourse group membership ip blocks
1
discourse mermaid
1
discourse message bus
1
discourse patreon
1
discourse rails multisite
1
discourse reactions
1
Discourse DiscourseCross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse
6.5
First published (updated )
Discourse DiscourseDenial of service by the absence of restrictions on replies to posts in Discourse
7.5
First published (updated )
Discourse DiscoursePrevent topic list filtering by hidden tags for unauthorized users in Discourse
5.3
First published (updated )
Discourse DiscourseBypass of email address validation via encoded email addresses in Discourse
8.2
First published (updated )
Discourse CalendarDiscourse Calendar plugin event names susceptible to XSS
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse Discourse CalendarInsufficient control of region value length in discourse-calendar
4.3
First published (updated )
Discourse DiscourseDiscourse allows iframe injection though default site setting
6.1
First published (updated )
Discourse DiscourseDiscourse vulnerable to DoS via Tag Group
7.5
First published (updated )
Discourse DiscourseDiscourse has an XSS via Onebox system
6.3
First published (updated )
Discourse DiscourseDiscourse vulnerable to Server-Side Request Forgery via FastImage
6.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse doesn't limit reviewable user serializer payload
4.3
First published (updated )
Discourse DiscourseDiscourse missing authorization checks for suspending admins/moderators
6.5
First published (updated )
Discourse DiscourseDiscourse vulnerable to stored-dom XSS via Facebook Oneboxes
6.1
First published (updated )
Discourse Group Membership Ip Blocksdiscourse-group-membership-ip-block is exposing potentially sensitive custom fields
5.3
EPSS
0.05%
First published (updated )
Discourse DiscourseDiscourse improperly sanitized user input leads to XSS
6.3
EPSS
0.05%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse secure uploads accessible to guests even when login is required
4.3
First published (updated )
Discourse DiscourseInsufficient control of custom field value sizes
4.3
EPSS
0.04%
First published (updated )
Discourse Discourse ReactionsReaction data for user notifications exposed in Discourse-reactions
3.5
First published (updated )
Discourse DiscourseDiscourse vulnerable to unlimited mentioned users in message serializer
8.6
First published (updated )
CVE-2023-47121Discourse SSRF vulnerability in Embedding
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-47120Discourse DoS through Onebox favicon URL
7.5
First published (updated )
CVE-2023-46130Bypassing height value allowed in some theme components
5.4
First published (updated )
CVE-2023-45816Unread bookmark reminder notifications that the user cannot access can be seen
3.3
First published (updated )
CVE-2023-45806Discourse vulnerable to DoS via Regexp Injection in Full Name
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse Discourse CalendarImproper escaping of user input in discourse-calendar
8
First published (updated )
Discourse DiscourseUnauthenticated access to new private chat messages in Discourse
7.5
First published (updated )
Discourse DiscoursePrevent unauthorized access to summary details in Discourse
5.3
First published (updated )
Discourse DiscourseMalicious requests can fill up the log files resulting in a deinal of service in Discourse
7.5
First published (updated )
Discourse DiscourseExposure of poll options and votes to unauthorized users in Discourse
3.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.