VYPR

discourse-calendar

by Discourse (software)

CVEs (7)

  • CVE-2024-45303Sep 12, 2024
    risk 0.00cvss epss 0.00

    Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content…

  • CVE-2024-21658Aug 30, 2024
    risk 0.00cvss epss 0.00

    discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space.…

  • CVE-2024-24817Feb 22, 2024
    risk 0.00cvss epss 0.00

    Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even…

  • CVE-2024-26145Feb 21, 2024
    risk 0.00cvss epss 0.00

    Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit…

  • CVE-2023-43658Oct 16, 2023
    risk 0.00cvss epss 0.01

    dicourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-site Scripting (XSS) within the 'email preview' UI when a site has CSP…

  • CVE-2022-41913Nov 14, 2022
    risk 0.00cvss epss 0.00

    Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This…

  • CVE-2022-31059Jun 14, 2022
    risk 0.00cvss epss 0.01

    Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled…