6 matches found
EUVD-2023-52358
Malicious code in bioql PyPI...
CVE-2023-48297
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
BIT-DISCOURSE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
Code injection
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
CVE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...
Stored XSS in autocomplete suggestions for chat @-mentions (NC-SA-2018-009)
Missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...