89 matches found

Cvelist
added 2024/07/30 2:10 p.m. · 26 views

CVE-2024-37165 Discourse has an XSS via Onebox system

Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability ...

CVSS 6.3 · EPSS 0.00379
Exploits: 0 · References: 3

Vulnrichment
added 2024/07/30 2:10 p.m. · 21 views

CVE-2024-37165 Discourse has an XSS via Onebox system

Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability ...

CVSS 6.3 · AI score 5.9 · EPSS 0.00379
Exploits: 0 · References: 3

OSV
added 2024/07/30 2:10 p.m. · 18 views

CVE-2024-37165 Discourse has an XSS via Onebox system

Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability ...

CVSS 6.3 · AI score 6.1 · EPSS 0.00379
Exploits: 0 · References: 5

CNNVD
added 2024/07/30 12:0 a.m. · 5 views

Discourse Security Vulnerability

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. Discourse has a security vulnerability that stems from not properly cleaning Onebox data...

CVSS 6.3 · AI score 6.6 · EPSS 0.00379
Exploits: 0 · References: 4

Positive Technologies
added 2024/07/30 12:0 a.m. · 6 views

PT-2024-27349 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 Discourse versions prior to 3.3.0.beta3 Description: The issue arises from improperly sanitized Onebox data, which could lead to an XSS vulnerability in certain situations. This vulnerability only affects...

CVSS 6.3 · AI score 6.2 · EPSS 0.00379
Exploits: 0 · References: 11

OpenVAS
added 2024/07/04 12:0 a.m. · 64 views

Discourse 3.3.x < 3.3.0.beta3 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

CVSS 7.5 · AI score 5.7 · EPSS 0.00598
Exploits: 0 · References: 7

Vulnrichment
added 2024/07/03 5:39 p.m. · 20 views

CVE-2024-35227 Discourse vulnerable to DoS through Onebox

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 o...

CVSS 7.5 · AI score 6.6 · EPSS 0.0059
Exploits: 0 · References: 3

Cvelist
added 2024/07/03 5:39 p.m. · 40 views

CVE-2024-35227 Discourse vulnerable to DoS through Onebox

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 o...

CVSS 7.5 · EPSS 0.0059
Exploits: 0 · References: 3

GithubExploit
added 2023/11/12 11:34 p.m. · 17 views

Exploit for Injection in Discourse

Table of contents ================= CVE-2023-47119cve...

CVSS 6.1 · AI score 7.3 · EPSS 0.00943
Exploits: 1

Prion
added 2023/11/10 4:15 p.m. · 17 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...

CVSS 5 · AI score 6.8 · EPSS 0.00982
Exploits: 0 · References: 3 · Affected Software: 1

Prion
added 2023/11/10 3:15 p.m. · 18 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the...

CVSS 5.8 · AI score 6.8 · EPSS 0.00943
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/11/10 3:9 p.m. · 11 views

CVE-2023-47120 Discourse DoS through Onebox favicon URL

Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...

CVSS 7.5 · AI score 7 · EPSS 0.00982
Exploits: 0 · References: 3

OSV
added 2023/11/10 3:9 p.m. · 25 views

CVE-2023-47120 Discourse DoS through Onebox favicon URL

Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...

CVSS 7.5 · AI score 7.2 · EPSS 0.00982
Exploits: 0 · References: 5

OSV
added 2023/11/10 3:0 p.m. · 30 views

CVE-2023-47119 HTML injection in oneboxed links

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the...

CVSS 5.3 · AI score 6.1 · EPSS 0.00943
Exploits: 1 · References: 5

CNNVD
added 2023/11/10 12:0 a.m. · 5 views

Discourse Security Breach

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse versions 3.1.0 through 3.1.2, which originates from potentially exhausting Redis memory by creating a website with an unusually...

CVSS 7.5 · AI score 6.8 · EPSS 0.00982
Exploits: 0 · References: 4

CNNVD
added 2023/11/10 12:0 a.m. · 4 views

Discourse Security Breach

Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A security vulnerability exists in Discourse prior to version 3.1.3, which stems from the fact that certain links can be injected with arbitrary HTML tags when rendered by the...

CVSS 6.1 · AI score 6.7 · EPSS 0.00943
Exploits: 1 · References: 4

Positive Technologies
added 2023/11/10 12:0 a.m. · 5 views

PT-2023-30324 · Discourse +1 · Discourse +1

Name of the Vulnerable Software and Affected Versions: Discourse versions 3.1.0 through 3.1.2 Discourse versions 3.1.0,beta6 through 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. In the affected versions, Redis memory can be depleted by crafting a site wi...

CVSS 7.5 · AI score 7.5 · EPSS 0.00982
Exploits: 0 · References: 11

Positive Technologies
added 2023/11/10 12:0 a.m. · 8 views

PT-2023-30322 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.3 Discourse version 3.2.0.beta3 and earlier of the beta and tests-passed branches Description: Discourse is an open source platform for community discussion. The issue allows some links to inject arbitrary HTML...

CVSS 6.1 · AI score 6.2 · EPSS 0.00943
Exploits: 1 · References: 12

NVD
added 2022/02/15 9:15 p.m. · 31 views

CVE-2022-23641

Discourse is an open source discussion platform. In versions prior to 2.8.1 in the stable branch, 2.9.0.beta2 in the beta branch, and 2.9.0.beta2 in the tests-passed branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an...

CVSS 6.5 · EPSS 0.01141
Exploits: 0 · References: 3

Vulnrichment
added 2022/02/15 8:15 p.m. · 6 views

CVE-2022-23641 Denial of Service in Discourse

Discourse is an open source discussion platform. In versions prior to 2.8.1 in the stable branch, 2.9.0.beta2 in the beta branch, and 2.9.0.beta2 in the tests-passed branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an...

CVSS 6.5 · AI score 6.3 · EPSS 0.01141
Exploits: 0 · References: 3