Lucene search
K

252 matches found

Vulnrichment
Vulnrichment
added 2022/09/29 8:5 p.m.5 views

CVE-2022-39226 Discourse user profile location and website fields were not sufficiently length-limited

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other...

4.3CVSS4.6AI score0.00805EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/09/29 7:35 p.m.6 views

CVE-2022-36066 Discourse vulnerable to RCE via admins uploading maliciously zipped file

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution...

9.1CVSS9.5AI score0.01578EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/29 12:0 a.m.43 views

Discourse 代码问题漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A file upload vulnerability exists in versions of Discourse prior to 2.8.9 and prior to 2.9.0.beta10, which stems from a lack of valid validation of uploaded files by the...

9.1CVSS8.1AI score0.01578EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/08/01 7:40 p.m.6 views

CVE-2022-31184 Email activation route can be abused by spammers in Discourse

Discourse is the an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unabl...

6.5CVSS6.6AI score0.00571EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/01 12:0 a.m.8 views

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. A security vulnerability exists in Discourse stable 2.8.6 and earlier, Discourse beta 2.9.0.beta7 and earlier, and Discourse tests-passed 2.9.0.beta7 and earlier, whi...

7.5CVSS7.3AI score0.00571EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.6 views

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. Discourse suffers from a security vulnerability. An attacker exploited the vulnerability to read the cache of an anonymous i.e., not logged in user, thereby...

5.3CVSS5.7AI score0.00976EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.5 views

PT-2022-16154 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.1 Discourse version 2.9.0.beta2 Description: The issue allows users to trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job triggers an infinite loop, which caus...

6.5CVSS6.3AI score0.01159EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2022/01/05 7:5 p.m.7 views

CVE-2022-21642 Exposure of whisper participants in discourse

Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this...

4.3CVSS7AI score0.00727EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/01/05 12:0 a.m.5 views

PT-2022-14998 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.13 Discourse versions prior to 2.8.0.beta11 Description: Discourse is an open source platform for community discussion. In affected versions, when composing a message from a topic, the composer user suggestions...

4.3CVSS4.4AI score0.00727EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2021/08/13 4:15 p.m.2 views

CVE-2021-37693

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email...

7.5CVSS5.4AI score0.00833EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2021/08/13 12:0 a.m.5 views

Discourse 代码问题漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A code issue vulnerability exists in versions of Discourse prior to 2.7.8 and prior to 2.8.0.beta4. No detailed vulnerability details are currently available...

7.5CVSS5.7AI score0.00833EPSS
Exploits0References3
Hacker One
Hacker One
added 2017/08/16 1:6 p.m.36 views

Discourse: CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception)

Hi, I noticed this issue on one of your clients which was using CloudFlare in front of their Discourse. This is not affecting try.discourse.org but the same underlying issue can be seen there as well even though it's not exploitable on that specific domain. The TL;DR of issue is basically:...

6.5AI score
Exploits0
Rows per page
Query Builder