CVE-2024-21658
- EPSS 0.21%
- Veröffentlicht 30.08.2024 18:15:06
- Zuletzt bearbeitet 05.09.2024 14:39:07
discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive ...
CVE-2023-43658
- EPSS 0.57%
- Veröffentlicht 16.10.2023 22:15:12
- Zuletzt bearbeitet 21.11.2024 08:24:33
dicourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-site Scripting (XSS) within the 'email preview'...
CVE-2022-31059
- EPSS 0.33%
- Veröffentlicht 14.06.2022 20:15:07
- Zuletzt bearbeitet 21.11.2024 07:03:48
Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which ha...