Filter
-Infinity
0
Trending
DiscourseCross-site Scripting (XSS) via topic titles when CSP disabled in Discourse
4.3
First published (updated )
DiscoursePartial denial of service via inline oneboxes in Discourse
4.3
First published (updated )
DiscoursePotential bypass of chat permissions in Discourse
4.3
First published (updated )
DiscourseAnonymous cache poisoning via XHR requests in Discourse
8.2
First published (updated )
DiscourseUsers can see other user's tagged PMs in Discourse
2.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseHTMLi(XSS without CSP) via Onebox urls in Discourse
6.5
First published (updated )
DiscourseClient Side Path Traversal using activate account route in Discourse
3.1
First published (updated )
DiscourseStored DOM-based XSS (without CSP) via video placeholders in Discourse
6.5
First published (updated )
DiscourseAnonymous cache poisoning via request headers in Discourse
8.2
EPSS
0.04%
First published (updated )
DiscourseCross-site Scripting via Discourse-ai SharedAiConversation onebox in Discourse
9.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseBypass of Discourse Connect using other login paths if enabled in Discourse
5.3
First published (updated )
DiscourseModerators can view Screened emails even when the “moderators view emails” option is disabled in Discourse
2.2
First published (updated )
DiscourseMagnific lightbox susceptible to Cross-site Scripting in Discourse
6.8
First published (updated )
DiscoursePotential Backup file leaked via Nginx in Discourse
7.5
First published (updated )
DiscourseAnonymous cache poisoning via XHR requests in Discourse
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseCross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse
6.5
First published (updated )
DiscourseDenial of service by the absence of restrictions on replies to posts in Discourse
7.5
First published (updated )
DiscoursePrevent topic list filtering by hidden tags for unauthorized users in Discourse
5.3
First published (updated )
DiscourseBypass of email address validation via encoded email addresses in Discourse
8.2
First published (updated )
Discourse Calendar pluginDiscourse Calendar plugin event names susceptible to XSS
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse Calendar pluginInsufficient control of region value length in discourse-calendar
4.3
First published (updated )
DiscourseDiscourse allows iframe injection though default site setting
6.1
First published (updated )
DiscourseDenial of service via Watched Words in Discourse
4.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseDiscourse vulnerable to Server-Side Request Forgery via FastImage
6.4
First published (updated )
DiscourseDiscourse doesn't limit reviewable user serializer payload
4.3
First published (updated )
DiscourseDiscourse missing authorization checks for suspending admins/moderators
6.5
First published (updated )
DiscourseDiscourse vulnerable to stored-dom XSS via Facebook Oneboxes
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.