23 matches found
CVE-2023-23621
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0....
BIT-DISCOURSE-2023-23622 Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or...
BIT-DISCOURSE-2023-23624 Discourse's exclude_tags param could leak which topics had a specific hidden tag
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...
Cross site scripting
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, a maliciously crafted URL can be included in a user's full name field to to carry out cross-site scripting attacks on sites with a disabled o...
CVE-2023-25172 Discourse vulnerable to Cross-site Scripting - user name displayed on post
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, a maliciously crafted URL can be included in a user's full name field to to carry out cross-site scripting attacks on sites with a disabled o...
CVE-2023-25172 Discourse vulnerable to Cross-site Scripting - user name displayed on post
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, a maliciously crafted URL can be included in a user's full name field to to carry out cross-site scripting attacks on sites with a disabled o...
CVE-2023-23622
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or...
Cross site scripting
Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the tests-passed branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the...
Design/Logic Flaw
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or...
CVE-2023-26040
Discourse (open-source discussion platform) vulnerable in the tests-passed branch between versions 3.1.0.beta2 and 3.1.0.beta3, where editing or replying to a chat message containing malicious content could lead to cross-site scripting (XSS). The issue is patched in version 3.1.0.beta3 of the tes...
CVE-2023-23622 Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or...
PT-2023-19082 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.1 of the stable branch Discourse versions prior to 3.1.0.beta2 of the beta and tests-passed branches Description: Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and...
CVE-2023-23620
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the stable...
Design/Logic Flaw
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the stable...
Design/Logic Flaw
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...
Design/Logic Flaw
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0....
Design/Logic Flaw
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to...
CVE-2023-23621 Discourse vulnerable to ReDoS in user agent parsing
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0....
CVE-2023-23616 Discourse membership requests lack character limit
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to...
CVE-2023-23620 Discourse restricted tag routes leak topic information
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the stable...