Lucene search
+L

80 matches found

Prion
Prion
added 2022/09/29 9:15 p.m.25 views

Design/Logic Flaw

Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete...

4CVSS4.7AI score0.00983EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/09/29 8:15 p.m.39 views

CVE-2022-39232 Discourse vulnerable to incomplete quote causing a topic to crash in the browser

Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete...

6.5CVSS6.6AI score0.00983EPSS
Exploits0References3
OSV
OSV
added 2022/09/29 8:15 p.m.34 views

CVE-2022-39232 Discourse vulnerable to incomplete quote causing a topic to crash in the browser

Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete...

6.5CVSS4.8AI score0.00983EPSS
Exploits0References5
NVD
NVD
added 2022/06/14 9:15 p.m.31 views

CVE-2022-31060

Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the beta and tests-passed branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the stable branch and version 2.9.0.beta5 in...

5.3CVSS0.01013EPSS
Exploits0References3
Prion
Prion
added 2022/06/14 9:15 p.m.22 views

Design/Logic Flaw

Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the beta and tests-passed branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the stable branch and version 2.9.0.beta5 in...

5CVSS5.2AI score0.01013EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/06/14 8:15 p.m.92 views

CVE-2022-31060

Discourse banner topic data exposure affects versions prior to 2.8.4 (stable) and prior to 2.9.0.beta5 (beta/tests-passed). The vulnerability exposes banner topic data on login-required sites. Fixes are in Discourse 2.8.4 (stable) and 2.9.0.beta5 (beta/tests-passed); as a workaround, banners can ...

5.3CVSS5AI score0.01013EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/14 8:15 p.m.27 views

CVE-2022-31060 Banner topic data is exposed on login-required Discourse sites

Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the beta and tests-passed branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the stable branch and version 2.9.0.beta5 in...

5.3CVSS5.3AI score0.01013EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/06/14 12:0 a.m.3 views

PT-2022-20498 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.4 in the stable branch Discourse versions prior to 2.9.0.beta5 in the beta and tests-passed branches Description: Discourse is an open-source discussion platform. Prior to the fixed versions, banner topic data ...

5.3CVSS5.2AI score0.01013EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.4 views

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from an information disclosure vulnerability that stems from banner theme data being publicly available on a website that requires a login.The following...

5.3CVSS5.7AI score0.01013EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/09/28 12:0 a.m.17 views

Discourse 2.8.0.beta6 < 2.9.0.beta5 XSS Vulnerability

Discourse is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1CVSS6AI score0.00565EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/08/13 3:15 p.m.19 views

CVE-2021-37703 Information exposure in Discourse

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed...

4.3CVSS5.5AI score0.00844EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/08/13 12:0 a.m.4 views

PT-2021-21822 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.8 Discourse versions prior to 2.8.0.beta5 Description: The issue exposes a user's read state for a topic, including the last read post number and the notification level. Recommendations: For versions prior to...

4.3CVSS4.4AI score0.00844EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2020/07/02 12:0 a.m.98 views

Discourse < 2.5.0.beta6 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

6.9CVSS7.6AI score0.99019EPSS
Exploits11References3
OpenVAS
OpenVAS
added 2020/05/28 12:0 a.m.87 views

Discourse < 2.5.0.beta5 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

6.9CVSS7.6AI score0.99019EPSS
Exploits11References3
OpenVAS
OpenVAS
added 2020/03/19 12:0 a.m.28 views

Discourse < 2.4.0.beta6 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

7.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2019/01/29 12:0 a.m.58 views

Discourse < 2.2.0.beta5 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; if...

7.3AI score
Exploits0References3
OpenVAS
OpenVAS
added 2018/08/29 12:0 a.m.14 views

Discourse < 2.1.0.beta5 XSS Vulnerability

Discourse is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

6.6AI score
Exploits0References1
Cvelist
Cvelist
added 2017/08/31 6:0 p.m.20 views

CVE-2017-14069

SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php...

9.9AI score0.01191EPSS
Exploits1References2
seebug.org
seebug.org
added 2007/04/05 12:0 a.m.16 views

phpMyNewsletter &lt;= 0.8 (beta5) Multiple Vuln Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " phpMyNewsletter = 0.8 beta5 Multiple Vuln Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if $argc3 echo "Usage: php ".$argv0." Si...

7.1AI score
Exploits0
0day.today
0day.today
added 2007/01/03 12:0 a.m.69 views

LocazoList <= 2.01a beta5 (subcatID) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ======================================================================= LocazoList = 2.01a beta5 subcatID Remote SQL Injection Vulnerability ======================================================================= Title : LocazoList = v2.01...

7.1AI score
Exploits0
Rows per page
Query Builder