Filter
AND
Software
DiscourseAnonymous cache poisoning via XHR requests in Discourse
8.2
First published (updated )
DiscourseAnonymous cache poisoning via request headers in Discourse
8.2
EPSS
0.04%
First published (updated )
DiscoursePotential Backup file leaked via Nginx in Discourse
7.5
First published (updated )
DiscourseAnonymous cache poisoning via XHR requests in Discourse
8.2
First published (updated )
DiscourseDenial of service by the absence of restrictions on replies to posts in Discourse
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseBypass of email address validation via encoded email addresses in Discourse
8.2
First published (updated )
Discourse Aidiscourse-ai admin-initiated SSRF when interacting with AI services
7.2
EPSS
0.04%
First published (updated )
DiscourseDiscourse vulnerable to unlimited mentioned users in message serializer
8.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse Calendar pluginImproper escaping of user input in discourse-calendar
8
First published (updated )
DiscourseUnauthenticated access to new private chat messages in Discourse
7.5
First published (updated )
DiscourseMalicious requests can fill up the log files resulting in a deinal of service in Discourse
7.5
First published (updated )
DiscourseCross-site Scripting via email preview when CSP disabled in Discourse
8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse Discourse-encryptImproper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration
7.2
First published (updated )
DiscourseDiscourse vulnerable to ossible DDoS due to unbounded limits in various controller actions
7.5
First published (updated )
DiscourseDenial of service via User Custom Sidebar Section Unlimited Link Creation in discourse
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseDiscourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and v…
8.6
First published (updated )
DiscourseDiscourse vulnerable to Cross-site Scripting in local oneboxes
8.8
First published (updated )
DiscourseDiscourse vulnerable to Cross-site Scripting through pending post titles descriptions
8
First published (updated )
DiscourseDiscourse password reset link can lead to in account takeover if user changes to a new email
8.1
First published (updated )
DiscourseDiscourse allows self-XSS through malicious composer message
7.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscoursePossible Server-Side Request Forgery (SSRF) in webhooks
7.6
First published (updated )
DiscourseDiscourse user account takeover via email and invite link
8.9
First published (updated )
DiscourseDiscourse moderators can edit themes via the API
7.2
First published (updated )
DiscourseDiscourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimit…
7.2
First published (updated )
DiscourseEmail activation route can be abused by spammers in Discourse
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.