24 matches found
EUVD-2024-41427
Malicious code in bioql PyPI...
EUVD-2024-23428
Malicious code in bioql PyPI...
EUVD-2022-45044
Malicious code in bioql PyPI...
EUVD-2024-19284
Malicious code in bioql PyPI...
EUVD-2024-22187
Malicious code in bioql PyPI...
CVE-2024-24817
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs private messages can be retrieved by anyone, even if they're not logg...
CVE-2024-45303 Discourse Calendar plugin event names susceptible to XSS
Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. The issue ...
CVE-2024-21658 Insufficient control of region value length in discourse-calendar
discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been...
CVE-2024-21658
CVE-2024-21658 affects the discourse-calendar plugin for Discourse. The issue is an overly loose restriction on the region value length, which can cause a Discourse instance to consume excessive bandwidth and disk space. The vulnerability is fixed in the main branch; there are no public workaroun...
CVE-2024-24817
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs private messages can be retrieved by anyone, even if they're not logg...
Code injection
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs private messages can be retrieved by anyone, even if they're not logg...
CVE-2024-24817 User can see invitees in events created in PMs and private categories
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs private messages can be retrieved by anyone, even if they're not logg...
CVE-2024-24817 User can see invitees in events created in PMs and private categories
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs private messages can be retrieved by anyone, even if they're not logg...
CVE-2024-26145 Uninvited user is able to join and mark the attendance of the the private event
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit dfc4fa15f340189f177a1d1ab2cc94ffed3c1190. As a...
CVE-2024-26145 Uninvited user is able to join and mark the attendance of the the private event
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit dfc4fa15f340189f177a1d1ab2cc94ffed3c1190. As a...
CVE-2024-26145
CVE-2024-26145 relates to the Discourse Calendar feature. The vulnerability allows uninvited users to gain access to private events by crafting a request to update their attendance within the dynamic calendar in the first post of a topic. The underlying issue is resolved by the commit dfc4fa15f34...
CVE-2024-26145 Uninvited user is able to join and mark the attendance of the the private event
Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit dfc4fa15f340189f177a1d1ab2cc94ffed3c1190. As a...
CVE-2022-41913
Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...
Design/Logic Flaw
Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...
CVE-2022-41913 Discourse-calendar exposes members of hidden groups
Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...