CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

RedhatCVE•added 2025/05/23 5:52 a.m.•1 views

CVE-2023-22455

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full...

6.8CVSS5.8AI score0.00455EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:51 a.m.•2 views

CVE-2023-22454

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...

8CVSS5.7AI score0.00293EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:15 a.m.•2 views

CVE-2023-22453

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the /u/username.json endpoint. The issue...

5.3CVSS6.8AI score0.00274EPSS

Exploits0References1

OSV•added 2024/03/06 11:7 a.m.•17 views

BIT-DISCOURSE-2022-23549 Discourse vulnerable to bypass of post max_length using HTML comments

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, users can create posts with raw body longer than the maxlength site setting by including html comments that are not counted toward the...

6.5CVSS6AI score0.00327EPSS

Exploits0References3

OSV•added 2024/03/06 11:2 a.m.•20 views

BIT-DISCOURSE-2023-22453 Discourse vulnerable to exposure of user post counts per topic to unauthorized users

5.3CVSS5.5AI score0.00274EPSS

Exploits0References3

OSV•added 2024/03/06 11:1 a.m.•10 views

BIT-DISCOURSE-2023-22454 Discourse vulnerable to Cross-site Scripting through pending post titles descriptions

8CVSS6.4AI score0.00293EPSS

Exploits0References3

Prion•added 2023/01/05 8:15 p.m.•13 views

Design/Logic Flaw

5CVSS5.3AI score0.00274EPSS

Exploits0References2Affected Software1

OSV•added 2023/01/05 8:2 p.m.•13 views

CVE-2023-22455 Discourse vulnerable to Cross-site Scripting through tag descriptions

6.8CVSS5.7AI score0.00455EPSS

Exploits0References4

Cvelist•added 2023/01/05 7:58 p.m.•15 views

CVE-2023-22454 Discourse vulnerable to Cross-site Scripting through pending post titles descriptions

8CVSS7.6AI score0.00293EPSS

Exploits0References2

OSV•added 2023/01/05 7:48 p.m.•10 views

CVE-2022-46177 Discourse password reset link can lead to in account takeover if user changes to a new email

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is still valid. When the old...

5.7CVSS7.8AI score0.00397EPSS

Exploits0References5

NVD•added 2023/01/05 7:15 p.m.•11 views

CVE-2022-23548

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, parsing posts can be susceptible to regular expression denial of service ReDoS attacks. This issue is patched in versions 2.8.14 and...

6.5CVSS6.3AI score0.00638EPSS

Exploits0References2

Prion•added 2023/01/05 7:15 p.m.•13 views

Design/Logic Flaw

4CVSS6.3AI score0.00638EPSS

Exploits0References2Affected Software1

Prion•added 2023/01/05 7:15 p.m.•15 views

Design/Logic Flaw

4CVSS6.3AI score0.00327EPSS

Exploits0References2Affected Software1

NVD•added 2023/01/05 6:15 p.m.•11 views

CVE-2022-46168

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta15 on the beta and tests-passed branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is n...

3.5CVSS3.7AI score0.00263EPSS

Exploits0References2

Prion•added 2023/01/05 6:15 p.m.•14 views

Design/Logic Flaw

3.5CVSS4AI score0.00263EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/01/05 5:18 p.m.•11 views

CVE-2022-46168 Group SMTP user emails are exposed in CC email header

3.5CVSS5.3AI score0.00263EPSS

Exploits0References2

CVE•added 2023/01/05 5:18 p.m.•60 views

CVE-2022-46168

CVE-2022-46168 affects Discourse. Before versions 2.8.14 (stable) and 2.9.0.beta15 (beta/tests-passed), recipients of group SMTP emails could see other users’ email addresses in the group thread. The issue is mitigated by the fixes in 2.8.14 and 2.9.0.beta15, which mask those emails with blind ca...

3.5CVSS3.6AI score0.00263EPSS

Exploits0References2Affected Software1

OSV•added 2023/01/05 5:18 p.m.•11 views

CVE-2022-46168 Group SMTP user emails are exposed in CC email header

3.5CVSS4.7AI score0.00263EPSS

Exploits0References4

OSV•added 2023/01/05 12:0 a.m.•17 views

CVE-2022-23548

6.5CVSS6.3AI score0.00638EPSS

Exploits0References4

Positive Technologies•added 2023/01/05 12:0 a.m.•2 views

PT-2023-14817 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.14 on the stable branch Discourse versions prior to 3.0.0.beta15 on the beta and tests-passed branches Description: Discourse is an option source discussion platform. When a user requests a password reset link...

8.1CVSS7.9AI score0.00397EPSS

Exploits0References9

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by