Lucene search
K

5 matches found

OSV
OSV
added 2026/06/16 12:37 p.m.5 views

BIT-DISCOURSE-2026-45085 Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users could create chat...

5.3CVSS5.2AI score0.00213EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.6 views

CVE-2026-33410

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct message channel or adding users to an existing one, the targetgroups parameter was passed direct...

5.4CVSS5.9AI score0.00156EPSS
Exploits0References1
NVD
NVD
added 2026/03/19 10:16 p.m.6 views

CVE-2026-33410

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct message channel or adding users to an existing one, the targetgroups parameter was passed direct...

5.4CVSS0.00156EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2008/06/20 11:48 a.m.2 views

CVE-2008-2787

Cross-site scripting XSS vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the lastmessage parameter...

4.3CVSS5.7AI score0.01834EPSS
Exploits1References8
Prion
Prion
added 2008/06/20 11:48 a.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the lastmessage parameter...

4.3CVSS6.1AI score0.01834EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder