12 matches found
BIT-DISCOURSE-2024-45297 Prevent topic list filtering by hidden tags for unauthorized users in Discourse
Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known...
CVE-2024-45297
Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known...
CVE-2024-45297
Discourse (open source forum software) is affected by CVE-2024-45297: users can see topics labeled with hidden tags if they know the tag name, exposing restricted content. The issue has been patched in the latest stable, beta, and tests-passed releases; all users should upgrade. No public exploit...
BIT-DISCOURSE-2023-23624 Discourse's exclude_tags param could leak which topics had a specific hidden tag
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...
CVE-2023-23624 Discourse's exclude_tags param could leak which topics had a specific hidden tag
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...
CVE-2023-23624 Discourse's exclude_tags param could leak which topics had a specific hidden tag
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...
CVE-2023-23624 Discourse's exclude_tags param could leak which topics had a specific hidden tag
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...
GHSA-HMX6-GC2P-5P82 Nablarch Incomplete Cryptography
An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 5, and 5u1 to 5u13 allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors...
CVE-2019-5919
An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 5, and 5u1 to 5u13 allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors...
SAFE TEAM Regulus 2.2 Custchoice.PHP Update Your Password Action Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11133/info Regulus is reported prone to an information disclosure vulnerability. It is reported that a specified user/customer password hash is contained in a hidden tag of the 'Update Your Password' action page. An...
SAFE TEAM Regulus 2.2 - Custchoice.php Update Your Password Action Information Disclosure
SAFE TEAM Regulus 2.2 - Custchoice.php Update Your Password Action Information Disclosure source: https://www.securityfocus.com/bid/11133/info Regulus is reported prone to an information disclosure vulnerability. It is reported that a specified user/customer password hash is contained in a hidden...
SAFE TEAM Regulus 2.2 - 'Custchoice.php' Update Your Password Action Information Disclosure
source: https://www.securityfocus.com/bid/11133/info Regulus is reported prone to an information disclosure vulnerability. It is reported that a specified user/customer password hash is contained in a hidden tag of the 'Update Your Password' action page. An attacker may employ data that is obtain...