Filter
AND
-Infinity
0
Trending
DiscoursePrivate data leak on login-required Discourse sites
5.8
EPSS
0.04%
First published (updated )
DiscourseDiscourse DM limits aren’t always properly enforced
4.8
First published (updated )
DiscourseExposure of whisper participants in discourse
4.3
First published (updated )
DiscourseUser's bio visible even if profile is restricted in Discourse
4.3
First published (updated )
DiscourseGroup advanced search option may leak group and group's members visibility
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseSecure category names leaked via user activity export in Discourse
4.3
First published (updated )
DiscourseAnonymous user cache poisoning in discourse
5.3
First published (updated )
DiscourseCategory group permissions leaked in Discourse
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Discourse AssignExposure of Sensitive Information to an Unauthorized Actor in Discourse Assign
4.3
First published (updated )
DiscourseInvite bypasses user approval in Discourse
5.3
First published (updated )
Discourse Calendar pluginDiscourse Calendar Event names susceptible to Cross-site Scripting
6.5
First published (updated )
DiscourseBanner topic data is exposed on login-required Discourse sites
5.3
First published (updated )
DiscourseExposure of Sensitive Information in discourse-chat
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseInvites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse
5.7
First published (updated )
DiscourseCache poisoning via maliciously-formed request in Discourse
5.3
First published (updated )
DiscourseDiscourse-Chat Cross-Site Scripting issue for channel names and descriptions
5.4
First published (updated )
DiscourseDiscourse user profile location and website fields were not sufficiently length-limited
4.3
First published (updated )
DiscourseDiscourse vulnerable to incomplete quote causing a topic to crash in the browser
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseArbitrary HTML injection in table-of-contents theme component in DiscoTOC
5.4
First published (updated )
DiscourseDiscourse-chat plugin susceptible to XSS in channel name and description
5.4
First published (updated )
DiscourseDisplaying user badges can leak topic titles to users that have no access to the topic
5.3
First published (updated )
DiscourseUsers erroneously and transparently added to private messages in Discourse
6.5
First published (updated )
Discourse Calendar pluginDiscourse-calendar exposes members of hidden groups
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DiscourseDiscourse chat messages should have a maximum character limit
4.3
First published (updated )
DiscourseDiscourse users can see notifications for topics they no longer have access to
4.3
First published (updated )
DiscourseDiscourse may allow exposure of hidden tags in the subject of notification emails
4.3
First published (updated )
DiscourseAny authenticated Discourse user can create an unlisted topic
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.