5 matches found
CVE-2024-39320
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowediframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...
CVE-2024-39320 Discourse allows iframe injection though default site setting
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowediframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...
CVE-2024-37299 Discourse vulnerable to DoS via Tag Group
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...
PT-2024-28445 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.5 Discourse versions prior to 3.3.0.beta5 Description: The issue allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed iframes setting. Recommendation...
PT-2024-27456 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.5 Discourse versions prior to 3.3.0.beta5 Description: The issue concerns crafting requests to submit very long tag group names, which can reduce the availability of a Discourse instance. Recommendations: For...