19 matches found
BIT-DISCOURSE-2025-68660 Discourse AI Discover's continue conversation allows threat actor to impersonate user
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticated user bypass the aidiscoverpersona access controls and gain ongoing DM access to personas that may be wired to staff-only categories, RAG document set...
EUVD-2024-21129
Malicious code in bioql PyPI...
CVE-2025-58055
Discourse vulnerability CVE-2025-58055 affects version 3.5.0 and earlier, where AI suggestion endpoints for Title, Category, and Tags can disclose information from restricted topics by altering topic_id in API requests. The root cause is improper access control at the AI helper endpoints, enablin...
CVE-2025-58055 Discourse AI Suggestions Contain Insecure Direct Object Reference
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topicid...
CVE-2024-23654
discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit...
CVE-2024-54142
Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has be...
CVE-2024-54142
Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has be...
CVE-2024-54142 Cross-site Scripting via Discourse-ai SharedAiConversation onebox in Discourse
Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has be...
CVE-2024-54142 Cross-site Scripting via Discourse-ai SharedAiConversation onebox in Discourse
Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has be...
CVE-2024-54142 Cross-site Scripting via Discourse-ai SharedAiConversation onebox in Discourse
Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has be...
CVE-2024-54142
CVE-2024-54142 concerns the Discourse AI plugin for Discourse. When sharing Discourse AI Bot conversations into posts, HTML entities in the conversation could leak into the application when a user visits a post with a onebox, enabling cross-site scripting via user-visible content. The issue is ti...
Discourse AI 跨站脚本漏洞
Discourse AI is an open source AI plugin for Discourse. Discourse AI suffers from a cross-site scripting vulnerability that stems from the fact that when sharing a Discourse AI Bot conversation into a post, if there are HTML entities in the conversation, these entities may be leaked to the...
PT-2025-3019 · Discourse · Discourse Ai
Name of the Vulnerable Software and Affected Versions: Discourse AI affected versions not specified Description: The issue concerns the Discourse AI plugin, which provides AI features. When sharing conversations from the Discourse AI Bot into posts, HTML entities from the conversation could leak...
CVE-2024-23654
discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit...
Server side request forgery (ssrf)
discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit...
CVE-2024-23654 discourse-ai admin-initiated SSRF when interacting with AI services
discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit...
CVE-2024-23654 discourse-ai admin-initiated SSRF when interacting with AI services
discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit...
CVE-2024-23654
The CVE-2024-23654 entry concerns the discourse-ai plugin for Discourse, where admin-initiated SSRF was possible during interactions with various AI services. The underlying issue affected versions prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd; a patch was added in that commit. A pract...
PT-2024-20003 · Discourse · Discourse Ai
Name of the Vulnerable Software and Affected Versions: discourse-ai versions prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd Description: The discourse-ai plugin for the open-source discussion platform Discourse is affected by an issue where interactions with different AI services are...