Discourse

Calendar

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-45303

  • EPSS 0.8%
  • Veröffentlicht 12.09.2024 19:15:03
  • Zuletzt bearbeitet 18.09.2024 20:25:05

Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discours...

5.3

CVE-2024-24817

  • EPSS 0.23%
  • Veröffentlicht 22.02.2024 18:15:48
  • Zuletzt bearbeitet 05.02.2025 21:59:51

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can...

4.3

CVE-2024-26145

  • EPSS 0.16%
  • Veröffentlicht 21.02.2024 18:15:51
  • Zuletzt bearbeitet 05.02.2025 22:04:56

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit...

5.4

CVE-2022-41913

  • EPSS 0.2%
  • Veröffentlicht 14.11.2022 21:15:18
  • Zuletzt bearbeitet 21.11.2024 07:24:03

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can crea...