VYPR

Discourse

by Discourse (software)

CVEs (262)

  • CVE-2024-55948 (Feb 4, 2025)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. In affected versions an attacker can craft an XHR request to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of…

  • CVE-2024-56197 (Feb 4, 2025)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been…

  • CVE-2024-56328 (Feb 4, 2025)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of…

  • CVE-2025-22601 (Feb 4, 2025)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user into making changes to their own username via a carefully crafted link using the `activate-account` route. This problem has been patched in the latest version of…

  • CVE-2025-22602 (Feb 4, 2025)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been…

  • CVE-2025-23023 (Feb 4, 2025)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only…

  • CVE-2024-49765 (Dec 19, 2024)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and log in. This problem is patched in the latest version of Discourse.…

  • CVE-2024-52589 (Dec 19, 2024)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove…

  • CVE-2024-52794 (Dec 19, 2024)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.

  • CVE-2024-47772 (Oct 7, 2024)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest…

  • CVE-2024-43789 (Oct 7, 2024)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of…

  • CVE-2024-45297 (Oct 7, 2024)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users are advised to upgrade.…

  • CVE-2024-45051 (Oct 7, 2024)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and…

  • CVE-2024-39320 (Jul 30, 2024)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and…

  • CVE-2024-37299 (Jul 30, 2024)
    risk 0.00 | cvss | epss 0.01

    Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.

  • CVE-2024-37165 (Jul 30, 2024)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy.…

  • CVE-2024-38360 (Jul 15, 2024)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open source platform for community discussion. In affected versions by creating replacement words with an almost unlimited number of characters, a moderator can reduce the availability of a Discourse instance. This issue has been addressed in stable version 3.2.3…

  • CVE-2024-37157 (Jul 3, 2024)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is…

  • CVE-2024-36122 (Jul 3, 2024)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a user's email address even when the Allow moderators to…

  • CVE-2024-36113 (Jul 3, 2024)
    risk 0.00 | cvss | epss 0.00

    Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users preventing them from logging in…

Page 7 of 14