Discourse

252 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 1.03%
  • Published 23.09.2021 18:15:08
  • Last modified 21.11.2024 05:14:35

Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.

  • EPSS 1.73%
  • Published 20.09.2021 21:15:07
  • Last modified 21.11.2024 06:25:24

Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the pr...

  • EPSS 0.41%
  • Published 26.08.2021 20:15:07
  • Last modified 21.11.2024 06:18:45

Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects...

  • EPSS 0.83%
  • Published 13.08.2021 16:15:07
  • Last modified 21.11.2024 06:15:43

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email veri...

  • EPSS 0.84%
  • Published 13.08.2021 16:15:07
  • Last modified 21.11.2024 06:15:44

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed.

  • EPSS 0.76%
  • Published 09.08.2021 20:15:07
  • Last modified 21.11.2024 06:15:34

Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security ...

  • EPSS 0.89%
  • Published 27.07.2021 22:15:07
  • Last modified 21.11.2024 06:07:44

Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is reve...

  • EPSS 0.55%
  • Published 15.07.2021 21:15:09
  • Last modified 21.11.2024 06:07:41

Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's def...

Exploit
  • EPSS 3.07%
  • Published 14.01.2021 04:15:15
  • Last modified 21.11.2024 06:20:58

In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.

  • EPSS 0.62%
  • Published 26.08.2019 18:15:12
  • Last modified 21.11.2024 04:28:54

Discourse 2.3.2 sends the CSRF token in the query string.