50 matches found
CVE-2023-43658
discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-site Scripting (XSS) within the 'email preview' UI when a site has CSP disabled. Having CSP...
EUVD-2022-52731
Malicious code in bioql PyPI...
EUVD-2024-41427
Malicious code in bioql PyPI...
EUVD-2024-23428
Malicious code in bioql PyPI...
CVE-2024-45303
Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. The issue ...
CVE-2024-26145
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit dfc4fa15f340189f177a1d1ab2cc94ffed3c1190. As a...
CVE-2024-24817
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even if they're not logg...
CVE-2022-31059
Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Conte...
CVE-2022-41913
Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...
CVE-2024-45303 Discourse Calendar plugin event names susceptible to XSS
Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. The issue ...
PT-2024-31556 · Discourse · Discourse Calendar Plugin
Name of the Vulnerable Software and Affected Versions: Discourse Calendar plugin versions prior to 0.5
Description: The Discourse Calendar plugin is susceptible to XSS attacks when rendering event names. This issue only affects sites that have modified or disabled Discourse's default Content...
Discourse Calendar cross-site scripting vulnerability
Discourse Calendar is an open source calendar plugin for Discourse. A cross-site scripting vulnerability exists in versions of Discourse Calendar prior to 0.5, which stems from a problem with the dynamic calendar functionality that may be vulnerable to XSS attacks when rendering event names. This...
CVE-2024-21658
discourse-calendar is a Discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been...
CVE-2024-21658 Insufficient control of region value length in discourse-calendar
discourse-calendar is a Discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been...
CVE-2024-21658
CVE-2024-21658 affects the discourse-calendar plugin for Discourse. The issue is an overly loose restriction on the region value length, which can cause a Discourse instance to consume excessive bandwidth and disk space. The vulnerability is fixed in the main branch; there are no public workaroun...
PT-2024-19003 · Discourse · Discourse Calendar
Name of the Vulnerable Software and Affected Versions: discourse-calendar affected versions not specified
Description: The discourse-calendar plugin has a limit on region value length that is too generous, allowing a malicious actor to cause a Discourse instance to use excessive bandwidth and dis...
Discourse Calendar resource management error vulnerability
Discourse Calendar is an open source calendar plugin for Discourse. A resource management error vulnerability exists in Discourse Calendar, which stems from an overly loose restriction on the length of data, which can lead to abnormal bandwidth and disk space usage...