Filter
AND
-Infinity
0
Trending
Discourse MermaidArbitrary HTML injection in discourse-mermaid-theme-component
5.4
First published (updated )
DiscourseDiscourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch an…
6.5
First published (updated )
DiscourseDiscourse vulnerable to bypass of post max_length using HTML comments
6.5
First published (updated )
DiscourseDiscourse vulnerable to private topic leak via email#send_digest
5.5
First published (updated )
DiscourseDiscourse vulnerable to exposure of user post counts per topic to unauthorized users
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseDiscourse vulnerable to Cross-site Scripting through tag descriptions
6.8
First published (updated )
DiscourseDiscourse subject to Allocation of Resources Without Limits or Throttling
6.5
First published (updated )
DiscourseDiscourse membership requests lack character limit
4.3
First published (updated )
DiscourseDiscourse restricted tag routes leak topic information
5.3
First published (updated )
DiscourseDiscourse vulnerable to Allocation of Resources Without Limits via Chat drafts
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseDiscourse's exclude_tags param could leak which topics had a specific hidden tag
5.3
First published (updated )
DiscourseMalicious users in Discourse can create spam topics as any user due to improper access control
5.3
First published (updated )
DiscourseRegular expression denial of service via installing themes via git in discourse
6.5
First published (updated )
DiscourseDiscourse tags with no visibility are leaking into og:article:tag
5.3
First published (updated )
DiscourseYearly Review Plugin leaking anonymised users data in discourse-yearly-review
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscoursePresence of restricted personal Discourse messages may be leaked if tagged with a tag
4.3
First published (updated )
DiscourseDiscourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users
4.3
First published (updated )
DiscourseDiscourse chat messages susceptible to Cross-site Scripting through chat excerpts
6.5
First published (updated )
DiscourseDiscourse vulnerable to Cross-site Scripting - user name displayed on post
5.4
First published (updated )
DiscourseDiscourse vulnerable to multisite DoS by spamming backups
4.9
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseHTMLi(XSS without CSP) via Onebox urls in Discourse
6.5
First published (updated )
DiscourseStored DOM-based XSS (without CSP) via video placeholders in Discourse
6.5
First published (updated )
DiscourseMultisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse
4.9
First published (updated )
DiscourseStored Cross-site Scripting via improper sanitization of svg files in Discourse
5.4
First published (updated )
DiscourseHTML injection via topic embedding in Discourse
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse Calendar pluginUninvited user is able to join and mark the attendance of the the private event
6.5
EPSS
0.04%
First published (updated )
Discourse Calendar pluginUser can see invitees in events created in PMs and private categories
5.3
EPSS
0.04%
First published (updated )
Discourse ReactionsReaction metadata exposed in private topics in Discourse-reactions
5.3
First published (updated )
DiscourseCross-site Scripting (XSS) via topic titles when CSP disabled in Discourse
4.3
First published (updated )
DiscoursePartial denial of service via inline oneboxes in Discourse
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.