CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

CNVD•added 2021/08/11 12:0 a.m.•19 views

Discourse Cross-Site Scripting Vulnerability (CNVD-2021-100597)

Discourse is an open source community discussion platform that includes community, email and chat room features. The platform includes community, email and chat room features.A cross-site scripting vulnerability exists in versions prior to Discourse 2.7.8, which stems from the d-popover tooltip i...

7.4CVSS1.5AI score0.00344EPSS

Exploits0References1

Cvelist•added 2021/08/09 7:35 p.m.•19 views

CVE-2021-37633 XSS via d-popover and d-html-popover attribute

Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patched in the latest...

7.4CVSS7.2AI score0.00344EPSS

Exploits0References2

Positive Technologies•added 2021/08/09 12:0 a.m.•2 views

PT-2021-21748 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.8 Description: The issue affects Discourse, an open source discussion platform, where rendering of d-popover tooltips can be susceptible to XSS attacks in versions prior to 2.7.8. This vulnerability only affect...

7.4CVSS6.2AI score0.00344EPSS

Exploits0References8