80 matches found
Design/Logic Flaw
Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete...
CVE-2022-39232 Discourse vulnerable to incomplete quote causing a topic to crash in the browser
Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete...
CVE-2022-39232 Discourse vulnerable to incomplete quote causing a topic to crash in the browser
Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete...
CVE-2022-31060
Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the beta and tests-passed branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the stable branch and version 2.9.0.beta5 in...
Design/Logic Flaw
Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the beta and tests-passed branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the stable branch and version 2.9.0.beta5 in...
CVE-2022-31060
Discourse banner topic data exposure affects versions prior to 2.8.4 (stable) and prior to 2.9.0.beta5 (beta/tests-passed). The vulnerability exposes banner topic data on login-required sites. Fixes are in Discourse 2.8.4 (stable) and 2.9.0.beta5 (beta/tests-passed); as a workaround, banners can ...
CVE-2022-31060 Banner topic data is exposed on login-required Discourse sites
Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the beta and tests-passed branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the stable branch and version 2.9.0.beta5 in...
PT-2022-20498 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.4 in the stable branch Discourse versions prior to 2.9.0.beta5 in the beta and tests-passed branches Description: Discourse is an open-source discussion platform. Prior to the fixed versions, banner topic data ...
Discourse 信息泄露漏洞
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from an information disclosure vulnerability that stems from banner theme data being publicly available on a website that requires a login.The following...
Discourse 2.8.0.beta6 < 2.9.0.beta5 XSS Vulnerability
Discourse is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2021-37703 Information exposure in Discourse
Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed...
PT-2021-21822 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.8 Discourse versions prior to 2.8.0.beta5 Description: The issue exposes a user's read state for a topic, including the last read post number and the notification level. Recommendations: For versions prior to...
Discourse < 2.5.0.beta6 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
Discourse < 2.5.0.beta5 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
Discourse < 2.4.0.beta6 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
Discourse < 2.2.0.beta5 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; if...
Discourse < 2.1.0.beta5 XSS Vulnerability
Discourse is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...
CVE-2017-14069
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php...
phpMyNewsletter <= 0.8 (beta5) Multiple Vuln Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " phpMyNewsletter = 0.8 beta5 Multiple Vuln Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if $argc3 echo "Usage: php ".$argv0." Si...
LocazoList <= 2.01a beta5 (subcatID) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================================================= LocazoList = 2.01a beta5 subcatID Remote SQL Injection Vulnerability ======================================================================= Title : LocazoList = v2.01...