Filters
Software
discourse discourse
82
discourse discourse-chat
3
discourse calendar
2
discourse discourse calendar
2
discourse assign
1
discourse discotoc
1
discourse discourse footnote
1
discourse discourse jira
1
discourse discourse reactions
1
discourse discourse yearly review
1
discourse group membership ip blocks
1
discourse mermaid
1
discourse message bus
1
discourse reactions
1
Discourse DiscourseCross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse
6.5
First published (updated )
Discourse DiscoursePrevent topic list filtering by hidden tags for unauthorized users in Discourse
5.3
First published (updated )
Discourse CalendarDiscourse Calendar plugin event names susceptible to XSS
6.1
First published (updated )
Discourse Discourse CalendarInsufficient control of region value length in discourse-calendar
4.3
First published (updated )
Discourse DiscourseDiscourse allows iframe injection though default site setting
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse has an XSS via Onebox system
6.3
First published (updated )
Discourse DiscourseDiscourse vulnerable to Server-Side Request Forgery via FastImage
6.4
First published (updated )
Discourse DiscourseDiscourse doesn't limit reviewable user serializer payload
4.3
First published (updated )
Discourse DiscourseDiscourse missing authorization checks for suspending admins/moderators
6.5
First published (updated )
Discourse DiscourseDiscourse vulnerable to stored-dom XSS via Facebook Oneboxes
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse Group Membership Ip Blocksdiscourse-group-membership-ip-block is exposing potentially sensitive custom fields
5.3
EPSS
0.05%
First published (updated )
Discourse DiscourseDiscourse improperly sanitized user input leads to XSS
6.3
EPSS
0.05%
First published (updated )
Discourse DiscourseDiscourse secure uploads accessible to guests even when login is required
4.3
First published (updated )
Discourse DiscourseInsufficient control of custom field value sizes
4.3
EPSS
0.04%
First published (updated )
Discourse DiscourseHTML injection in oneboxed links
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseBypassing height value allowed in some theme components
5.4
First published (updated )
Discourse DiscourseDiscourse vulnerable to DoS via Regexp Injection in Full Name
5.4
First published (updated )
Discourse DiscoursePrevent unauthorized access to summary details in Discourse
5.3
First published (updated )
Discourse DiscourseArbitrary keys can be added to a topic's custom fields by any user in Discourse
4.9
First published (updated )
Discourse Discourse JiraDiscourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location
4.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse DoS via SvgSprite cache
6.5
First published (updated )
Discourse DiscourseDiscourse DoS via remote theme assets
6.5
First published (updated )
Discourse DiscourseDiscourse DoS via 2FA and Security Key Names
6.5
First published (updated )
Discourse DiscourseDiscourse vulnerable to DoS via drafts
6.5
First published (updated )
Discourse DiscourseDiscourse's restricted tag information visible to unauthenticated users
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse vulnerable to DoS via defer queue
6.5
EPSS
0.04%
First published (updated )
Discourse DiscourseDiscourse vulnerable to DoS via post edit reason
4.3
EPSS
0.04%
First published (updated )
Discourse DiscourseDiscourse CSP nonce reuse vulnerability for anonymous users
6.8
First published (updated )
Discourse DiscourseTopic Title Validation Skipped When Changing Category in Discourse
4.3
First published (updated )
Discourse DiscourseCSP nonce reuse vulnerability in Discourse
6.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseDiscourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and v…
5.3
First published (updated )
Discourse DiscourseDiscourse Topic Creation Page Allows iFrame Tag without Restrictions
5.4
First published (updated )
Discourse DiscourseDiscourse's general category permissions could be set back to default
5.3
First published (updated )
Discourse ReactionsReaction metadata exposed in private topics in Discourse-reactions
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseMultisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse
4.9
First published (updated )
Discourse DiscourseStored Cross-site Scripting via improper sanitization of svg files in Discourse
5.4
First published (updated )
Discourse DiscourseDiscourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and v…
4.9
First published (updated )
Discourse DiscourseDiscourse vulnerable to Cross-site Scripting - user name displayed on post
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscoursePresence of restricted personal Discourse messages may be leaked if tagged with a tag
4.3
First published (updated )
Discourse Discourse Yearly ReviewYearly Review Plugin leaking anonymised users data in discourse-yearly-review
5.3
First published (updated )
Discourse DiscourseDiscourse tags with no visibility are leaking into og:article:tag
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse DiscourseRegular expression denial of service via installing themes via git in discourse
6.5
First published (updated )
Discourse DiscourseCVE-2023-23615
First published (updated )
Discourse DiscourseDiscourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3…
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.