Lucene search
+L

70 matches found

NVD
NVD
added 2023/03/16 9:15 p.m.32 views

CVE-2023-23935

Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...

4.3CVSS4AI score0.00501EPSS
Exploits0References2
Prion
Prion
added 2023/03/16 9:15 p.m.19 views

Design/Logic Flaw

Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...

4CVSS4.6AI score0.00501EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/03/16 8:21 p.m.37 views

CVE-2023-23935 Presence of restricted personal Discourse messages may be leaked if tagged with a tag

Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...

3.5CVSS5.3AI score0.00501EPSS
Exploits0References2
OSV
OSV
added 2023/03/16 8:21 p.m.27 views

CVE-2023-23935 Presence of restricted personal Discourse messages may be leaked if tagged with a tag

Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...

3.5CVSS4.6AI score0.00501EPSS
Exploits0References4
Prion
Prion
added 2022/11/29 5:15 p.m.22 views

Design/Logic Flaw

Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the stable branch and versions 2.9.0.beta11 and prior on the beta and tests-passed branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS o...

4.9CVSS5.1AI score0.00452EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/11/29 12:0 a.m.29 views

CVE-2022-46148 Discourse allows self-XSS through malicious composer message

Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the stable branch and versions 2.9.0.beta11 and prior on the beta and tests-passed branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS o...

7.1CVSS6.7AI score0.00452EPSS
Exploits0References1
OSV
OSV
added 2022/11/29 12:0 a.m.20 views

CVE-2022-46148 Discourse allows self-XSS through malicious composer message

Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the stable branch and versions 2.9.0.beta11 and prior on the beta and tests-passed branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS o...

7.1CVSS5.5AI score0.00452EPSS
Exploits0References3
CVE
CVE
added 2022/11/14 12:0 a.m.59 views

CVE-2022-41913

CVE-2022-41913 affects the Discourse-calendar plugin for Discourse. When discourse_post_event_enabled is on, users can list members of private groups or private-group members in dynamic calendar posts, enabling disclosure of group membership. The issue is mitigated by upgrading to a version that ...

5.4CVSS4.8AI score0.00375EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2022/09/28 12:0 a.m.83 views

Apache Pulsar Trust Management Issues Vulnerability

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-machine room cross-region data replication...

5.9CVSS5.9AI score0.0058EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/04/26 6:45 p.m.28 views

CVE-2022-24866 Exposure of Sensitive Information to an Unauthorized Actor in Discourse Assign

Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could...

4.3CVSS4.9AI score0.00625EPSS
Exploits0References2
CNVD
CNVD
added 2022/03/14 12:0 a.m.53 views

Mattermost Server Buffer Overflow Vulnerability

Mattermost Server is an open source messaging platform from Mattermost, Inc. A buffer overflow vulnerability exists in Mattermost server. POST body to crash the server...

7.5CVSS2.8AI score0.00815EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/20 12:0 a.m.16 views

chaskiq Cross-Site Scripting Vulnerability (CNVD-2022-08227)

Chaskiq is an open source messaging platform. It is used for marketing, support and sales. chaskiq suffers from a cross-site scripting vulnerability that stems from the fact that chaskiq is vulnerable to input errors during web page generation "cross-site scripting". An attacker could exploit thi...

7.3CVSS2.6AI score0.006EPSS
Exploits1References1
Huntr
Huntr
added 2022/01/12 11:21 a.m.21 views

Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq

Description chaskid is a Open Source Messaging Platform for Marketing, Support & Sales this package is vulnerable for xss Proof of Concept Impact This vulnerability is capable of stored XSS...

4.3CVSS1.2AI score0.00616EPSS
Exploits1
The Hacker News
The Hacker News
added 2021/09/11 8:22 a.m.40 views

WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud

WhatsApp on Friday announced it will roll out support for end-to-end encrypted chat backups on the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner. The optional feature,...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2021/04/22 1:17 p.m.52 views

Telegram Platform Abused in 'ToxicEye' Malware Campaigns

Hackers are leveraging the popular Telegram messaging app by embedding its code inside a remote access trojan RAT dubbed ToxicEye, new research has found. A victim’s computer infected with the ToxicEye malware is controlled via a hacker-operated Telegram messaging account. The ToxicEye malware ca...

0.6AI score
Exploits0References8
ThreatPost
ThreatPost
added 2020/09/30 4:27 p.m.39 views

Facebook Small Business Grants Spark Identity-Theft Scam

Cybercriminals are exploiting a $100 million Facebook grant program designed for small businesses impacted by the pandemic, to phish personal information and take over Facebook accounts. The perpetrators are trying to dupe people into thinking that the social network is handing out free money to...

7AI score
Exploits0References8
Wired Threat Level
Wired Threat Level
added 2020/08/27 9:30 p.m.41 views

How WeChat Censored the Coronavirus Pandemic

In China, the messaging platform blocked thousands of keywords related to the virus, a new report reveals...

1.6AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2019/11/07 9:34 p.m.41 views

Why Many People Got Mysterious Valentine’s Day Texts Today

The issue was reportedly caused by a maintenance update made to “messaging platforms of multiple carriers in the US."...

2.4AI score
Exploits0
ThreatPost
ThreatPost
added 2019/08/08 12:0 p.m.89 views

Black Hat 2019: WhatsApp Users Still Open to Message Manipulation

LAS VEGAS – Researchers at Black Hat USA 2019 demoed how known vulnerabilities in WhatsApp could still be exploited in several attacks that manipulate chats. Facebook-owned WhatsApp is a popular end-to-end encrypted messaging platform with at least 1.5 billion users. Researchers with Check Point...

6.9AI score
Exploits0References7
CNVD
CNVD
added 2017/05/06 12:0 a.m.4 views

SQL Injection Vulnerability in the Content Parameter of smsreportxiang.jsp File on ECS Customer Management Platform

Enterprise letter is the use of java development of a special tailored to the enterprise customer value-added SMS business, enterprise customers in the use of computers at the same time can be completed with the production of office combined with the internal SMS communication. SQL injection...

7.7AI score
Exploits0
Rows per page
Query Builder