Lucene search

23 matches found

ATTACKERKB
added 2026/03/19 9:57 p.m. · 2 views

CVE-2026-33410

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct message channel or adding users to an existing one, the targetgroups parameter was passed direct...

CVSS 5.4 · AI score 5.8 · EPSS 0.00051
Exploits 0 · References 2 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-38824

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.4 · EPSS 0.00193
Exploits 0 · References 2
RedhatCVE
added 2025/05/22 11:10 p.m. · 3 views

CVE-2022-36057

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...

CVSS 5.4 · AI score 5.9 · EPSS 0.00193
Exploits 0 · References 1
Vulnrichment
added 2024/10/07 8:50 p.m. · 9 views

CVE-2024-47772 Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse

Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of...

CVSS 6.5 · AI score 7.6 · EPSS 0.00725
Exploits 0 · References 2
Vulnrichment
added 2023/03/17 2:45 p.m. · 4 views

CVE-2023-26040 Discourse chat messages susceptible to Cross-site Scripting through chat excerpts

Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the tests-passed branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the...

CVSS 6.5 · AI score 6.2 · EPSS 0.00638
Exploits 0 · References 2
NVD
added 2022/10/06 8:15 p.m. · 12 views

CVE-2022-39279

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them...

CVSS 5.4 · EPSS 0.00219
Exploits 0 · References 2
Prion
added 2022/10/06 8:15 p.m. · 19 views

Cross site scripting

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them...

CVSS 4.9 · AI score 5.2 · EPSS 0.00219
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2022/10/06 12:0 a.m. · 4 views

CVE-2022-39279 Discourse-chat plugin susceptible to XSS in channel name and description

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them...

CVSS 4.3 · AI score 5.3 · EPSS 0.00219
Exploits 0 · References 2
Cvelist
added 2022/10/06 12:0 a.m. · 10 views

CVE-2022-39279 Discourse-chat plugin susceptible to XSS in channel name and description

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them...

CVSS 4.3 · AI score 5.5 · EPSS 0.00219
Exploits 0 · References 2
OSV
added 2022/10/06 12:0 a.m. · 17 views

CVE-2022-39279 Discourse-chat plugin susceptible to XSS in channel name and description

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them...

CVSS 4.3 · AI score 4.9 · EPSS 0.00219
Exploits 0 · References 4
CVE
added 2022/10/06 12:0 a.m. · 41 views

CVE-2022-39279

The CVE concerns the discourse-chat plugin for Discourse, where versions prior to 0.9 render a chat channel name and description insecurely, enabling cross-site scripting by inserting unsafe HTML. The fixed version is 0.9; users are advised to upgrade. No additional exploit details or workaround ...

CVSS 5.4 · AI score 4.8 · EPSS 0.00219
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2022/10/06 12:0 a.m. · 3 views

PT-2022-24865 · Discourse · Discourse-Chat

Name of the Vulnerable Software and Affected Versions: discourse-chat versions prior to 0.9 Description: The discourse-chat plugin for the Discourse message board has an issue where it renders a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site...

CVSS 5.4 · AI score 5.2 · EPSS 0.00219
Exploits 0 · References 5
NVD
added 2022/09/06 8:15 p.m. · 14 views

CVE-2022-36057

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...

CVSS 5.4 · EPSS 0.00193
Exploits 0 · References 2
Prion
added 2022/09/06 8:15 p.m. · 15 views

Cross site scripting

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...

CVSS 4.3 · AI score 4.9 · EPSS 0.00193
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/09/06 7:30 p.m. · 17 views

CVE-2022-36057 Discourse-Chat Cross-Site Scripting issue for channel names and descriptions

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...

CVSS 5.4 · AI score 5.5 · EPSS 0.00193
Exploits 0 · References 2
OSV
added 2022/09/06 7:30 p.m. · 1 view

CVE-2022-36057 Discourse-Chat Cross-Site Scripting issue for channel names and descriptions

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...

CVSS 5.4 · AI score 5.9 · EPSS 0.00193
Exploits 0 · References 4
Vulnrichment
added 2022/09/06 7:30 p.m. · 4 views

CVE-2022-36057 Discourse-Chat Cross-Site Scripting issue for channel names and descriptions

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...

CVSS 5.4 · AI score 5.3 · EPSS 0.00193
Exploits 0 · References 2
CVE
added 2022/09/06 7:30 p.m. · 57 views

CVE-2022-36057

The CVE-2022-36057 issue affects Discourse-Chat, a plugin for Discourse. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by an administrator being able to insert HTML into chat titles and descriptions for channel names. The publicly reported details indicate that versions prior to 0...

CVSS 5.4 · AI score 5 · EPSS 0.00193
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2022/09/06 12:0 a.m. · 1 view

Discourse-Chat security vulnerability

Discourse-Chat is a free open source chat plugin for Discourse open source internet forum software. A security vulnerability exists in versions of Discourse-Chat prior to 0.9, which originated from a cross-site scripting (XSS) attack by an administrator user inserting HTML in the chat title and...

CVSS 5.4 · AI score 4.9 · EPSS 0.00193
Exploits 0 · References 3
Positive Technologies
added 2022/09/06 12:0 a.m. · 1 view

PT-2022-23148 · Discourse · Discourse-Chat

Name of the Vulnerable Software and Affected Versions: Discourse-Chat versions prior to 0.9 Description: The issue affects users of Discourse Chat, an asynchronous messaging plugin for the Discourse open-source discussion platform. Admin users can insert HTML into chat titles and descriptions,...

CVSS 5.4 · AI score 4.9 · EPSS 0.00193
Exploits 0 · References 4