Filter
AND
Software
discourse discourse
83
discourse discourse-chat
3
discourse calendar
2
discourse discourse calendar
2
discourse assign
1
discourse discotoc
1
discourse discourse footnote
1
discourse discourse jira
1
discourse discourse reactions
1
discourse discourse yearly review
1
discourse group membership ip blocks
1
discourse mermaid
1
discourse message bus
1
discourse reactions
1
Discourse DiscourseCross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse
6.5
First published (updated )
Discourse DiscoursePrevent topic list filtering by hidden tags for unauthorized users in Discourse
5.3
First published (updated )
Discourse CalendarDiscourse Calendar plugin event names susceptible to XSS
6.1
First published (updated )
Discourse Discourse CalendarInsufficient control of region value length in discourse-calendar
4.3
First published (updated )
Discourse DiscourseDiscourse allows iframe injection though default site setting
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse has an XSS via Onebox system
6.3
First published (updated )
Discourse DiscourseDiscourse vulnerable to Server-Side Request Forgery via FastImage
6.4
First published (updated )
Discourse DiscourseDiscourse doesn't limit reviewable user serializer payload
4.3
First published (updated )
Discourse DiscourseDiscourse missing authorization checks for suspending admins/moderators
6.5
First published (updated )
Discourse DiscourseDiscourse vulnerable to stored-dom XSS via Facebook Oneboxes
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse Group Membership Ip Blocksdiscourse-group-membership-ip-block is exposing potentially sensitive custom fields
5.3
EPSS
0.05%
First published (updated )
Discourse DiscourseDiscourse improperly sanitized user input leads to XSS
6.3
EPSS
0.05%
First published (updated )
Discourse DiscourseDiscourse secure uploads accessible to guests even when login is required
4.3
First published (updated )
Discourse DiscourseInsufficient control of custom field value sizes
4.3
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-46130Bypassing height value allowed in some theme components
5.4
First published (updated )
CVE-2023-45806Discourse vulnerable to DoS via Regexp Injection in Full Name
5.4
First published (updated )
Discourse DiscoursePrevent unauthorized access to summary details in Discourse
5.3
First published (updated )
Discourse DiscourseArbitrary keys can be added to a topic's custom fields by any user in Discourse
4.9
First published (updated )
Discourse Discourse JiraDiscourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location
4.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse DoS via SvgSprite cache
6.5
First published (updated )
Discourse DiscourseDiscourse DoS via remote theme assets
6.5
First published (updated )
Discourse DiscourseDiscourse DoS via 2FA and Security Key Names
6.5
First published (updated )
Discourse DiscourseDiscourse vulnerable to DoS via drafts
6.5
First published (updated )
Discourse DiscourseDiscourse's restricted tag information visible to unauthenticated users
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse vulnerable to DoS via defer queue
6.5
EPSS
0.04%
First published (updated )
Discourse DiscourseDiscourse vulnerable to DoS via post edit reason
4.3
EPSS
0.04%
First published (updated )
Discourse DiscourseDiscourse CSP nonce reuse vulnerability for anonymous users
6.8
First published (updated )
Discourse DiscourseTopic Title Validation Skipped When Changing Category in Discourse
4.3
First published (updated )
Discourse DiscourseCSP nonce reuse vulnerability in Discourse
6.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.