Lucene search

18 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-36475

Malicious code in bioql PyPI...

CVSS 6.3 · AI score 6.4 · EPSS 0.00993
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 9:19 a.m. · 2 views

CVE-2024-35234

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

CVSS 6.1 · AI score 7.2 · EPSS 0.00174
Exploits: 0 · References: 1

NVD
added 2024/07/30 3:15 p.m. · 16 views

CVE-2024-37165

Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability ...

CVSS 6.3 · EPSS 0.00993
Exploits: 0 · References: 3

CVE
added 2024/07/30 2:10 p.m. · 52 views

CVE-2024-37165

Discourse has an XSS vulnerability (CVE-2024-37165) arising from improperly sanitized Onebox data. Affected: Discourse versions before 3.2.3 and before 3.3.0.beta3, particularly when the default Content Security Policy is disabled. Impact is XSS under those conditions; fixed in Discourse 3.2.3 an...

CVSS 6.3 · AI score 6 · EPSS 0.00993
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/07/30 12:0 a.m. · 2 views

PT-2024-27349 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 Discourse versions prior to 3.3.0.beta3 Description: The issue arises from improperly sanitized Onebox data, which could lead to an XSS vulnerability in certain situations. This vulnerability only affects...

CVSS 6.3 · AI score 6.2 · EPSS 0.00993
Exploits: 0 · References: 11

OSV
added 2024/07/09 8:43 a.m. · 21 views

BIT-DISCOURSE-2024-36113 Discourse missing authorization checks for suspending admins/moderators

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

CVSS 6.5 · AI score 5.6 · EPSS 0.00084
Exploits: 0 · References: 4

RedhatCVE
added 2024/07/03 9:20 p.m. · 20 views

CVE-2024-36113

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

CVSS 6.5 · AI score 6.8 · EPSS 0.00084
Exploits: 0 · References: 6

NVD
added 2024/07/03 7:15 p.m. · 18 views

CVE-2024-36113

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

CVSS 6.5 · EPSS 0.00084
Exploits: 0 · References: 3

NVD
added 2024/07/03 7:15 p.m. · 14 views

CVE-2024-35234

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

CVSS 6.1 · EPSS 0.00174
Exploits: 0 · References: 3

Vulnrichment
added 2024/07/03 7:7 p.m. · 17 views

CVE-2024-36113 Discourse missing authorization checks for suspending admins/moderators

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

CVSS 4.9 · AI score 6.6 · EPSS 0.00084
Exploits: 0 · References: 3

OSV
added 2024/07/03 7:7 p.m. · 16 views

CVE-2024-36113 Discourse missing authorization checks for suspending admins/moderators

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

CVSS 4.9 · AI score 6.5 · EPSS 0.00084
Exploits: 0 · References: 5

Cvelist
added 2024/07/03 6:23 p.m. · 19 views

CVE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

CVSS 4.2 · EPSS 0.00174
Exploits: 0 · References: 3

CVE
added 2024/07/03 6:23 p.m. · 61 views

CVE-2024-35234

CVE-2024-35234 affects Discourse. Multiple sources document a stored DOM XSS where an attacker can execute arbitrary JavaScript in users’ browsers by visiting a URL containing malicious meta tags, applicable to installations with CSP disabled. Patched in Discourse releases: 3.2.3 (stable) and 3.3...

CVSS 6.1 · AI score 5.6 · EPSS 0.00174
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/07/03 6:23 p.m. · 13 views

CVE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

CVSS 4.2 · AI score 7 · EPSS 0.00174
Exploits: 0 · References: 5

NVD
added 2024/07/03 6:15 p.m. · 15 views

CVE-2024-35227

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 o...

CVSS 7.5 · EPSS 0.00174
Exploits: 0 · References: 3

Cvelist
added 2024/07/03 5:39 p.m. · 21 views

CVE-2024-35227 Discourse vulnerable to DoS through Onebox

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 o...

CVSS 7.5 · EPSS 0.00174
Exploits: 0 · References: 3

CVE
added 2024/07/03 5:39 p.m. · 71 views

CVE-2024-35227

CVE-2024-35227 affects Discourse (open-source discussion platform). The issue arises from Oneboxing a carefully crafted malicious URL, which can degrade availability (DoS). Affected versions: prior to 3.2.3 on the stable branch and 3.3.0.beta3 on the tests-passed branch. Remediation: patched in 3...

CVSS 7.5 · AI score 7.4 · EPSS 0.00174
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/07/03 12:0 a.m. · 2 views

PT-2024-26398 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch Discourse versions prior to 3.3.0.beta3 on the tests-passed branch Description: The issue allows an attacker to execute arbitrary JavaScript on users' browsers by posting a specific URL...

CVSS 6.1 · AI score 7.7 · EPSS 0.00174
Exploits: 0 · References: 8