89 matches found
CVE-2024-37165 Discourse has an XSS via Onebox system
Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability ...
CVE-2024-37165 Discourse has an XSS via Onebox system
Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability ...
CVE-2024-37165 Discourse has an XSS via Onebox system
Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability ...
Discourse 安全漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. Discourse has a security vulnerability that stems from not properly cleaning Onebox data...
PT-2024-27349 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 Discourse versions prior to 3.3.0.beta3 Description: The issue arises from improperly sanitized Onebox data, which could lead to an XSS vulnerability in certain situations. This vulnerability only affects...
Discourse 3.3.x < 3.3.0.beta3 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...
CVE-2024-35227 Discourse vulnerable to DoS through Onebox
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 o...
CVE-2024-35227 Discourse vulnerable to DoS through Onebox
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 o...
Exploit for Injection in Discourse
Table of contents ================= CVE-2023-47119cve...
Design/Logic Flaw
Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...
Design/Logic Flaw
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the...
CVE-2023-47120 Discourse DoS through Onebox favicon URL
Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...
CVE-2023-47120 Discourse DoS through Onebox favicon URL
Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...
CVE-2023-47119 HTML injection in oneboxed links
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse versions 3.1.0 through 3.1.2, which originates from potentially exhausting Redis memory by creating a website with an unusually...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A security vulnerability exists in Discourse prior to version 3.1.3, which stems from the fact that certain links can be injected with arbitrary HTML tags when rendered by the...
PT-2023-30324 · Discourse +1 · Discourse +1
Name of the Vulnerable Software and Affected Versions: Discourse versions 3.1.0 through 3.1.2 Discourse versions 3.1.0,beta6 through 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. In the affected versions, Redis memory can be depleted by crafting a site wi...
PT-2023-30322 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.3 Discourse version 3.2.0.beta3 and earlier of the beta and tests-passed branches Description: Discourse is an open source platform for community discussion. The issue allows some links to inject arbitrary HTML...
CVE-2022-23641
Discourse is an open source discussion platform. In versions prior to 2.8.1 in the stable branch, 2.9.0.beta2 in the beta branch, and 2.9.0.beta2 in the tests-passed branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an...
CVE-2022-23641 Denial of Service in Discourse
Discourse is an open source discussion platform. In versions prior to 2.8.1 in the stable branch, 2.9.0.beta2 in the beta branch, and 2.9.0.beta2 in the tests-passed branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an...