70 matches found
CVE-2023-23935
Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...
Design/Logic Flaw
Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...
CVE-2023-23935 Presence of restricted personal Discourse messages may be leaked if tagged with a tag
Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...
CVE-2023-23935 Presence of restricted personal Discourse messages may be leaked if tagged with a tag
Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...
Design/Logic Flaw
Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the stable branch and versions 2.9.0.beta11 and prior on the beta and tests-passed branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS o...
CVE-2022-46148 Discourse allows self-XSS through malicious composer message
Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the stable branch and versions 2.9.0.beta11 and prior on the beta and tests-passed branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS o...
CVE-2022-46148 Discourse allows self-XSS through malicious composer message
Discourse is an open-source messaging platform. In versions 2.8.10 and prior on the stable branch and versions 2.9.0.beta11 and prior on the beta and tests-passed branches, users composing malicious messages and navigating to drafts page could self-XSS. This vulnerability can lead to a full XSS o...
CVE-2022-41913
CVE-2022-41913 affects the Discourse-calendar plugin for Discourse. When discourse_post_event_enabled is on, users can list members of private groups or private-group members in dynamic calendar posts, enabling disclosure of group membership. The issue is mitigated by upgrading to a version that ...
Apache Pulsar Trust Management Issues Vulnerability
Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-machine room cross-region data replication...
CVE-2022-24866 Exposure of Sensitive Information to an Unauthorized Actor in Discourse Assign
Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could...
Mattermost Server Buffer Overflow Vulnerability
Mattermost Server is an open source messaging platform from Mattermost, Inc. A buffer overflow vulnerability exists in Mattermost server. POST body to crash the server...
chaskiq Cross-Site Scripting Vulnerability (CNVD-2022-08227)
Chaskiq is an open source messaging platform. It is used for marketing, support and sales. chaskiq suffers from a cross-site scripting vulnerability that stems from the fact that chaskiq is vulnerable to input errors during web page generation "cross-site scripting". An attacker could exploit thi...
Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq
Description chaskid is a Open Source Messaging Platform for Marketing, Support & Sales this package is vulnerable for xss Proof of Concept Impact This vulnerability is capable of stored XSS...
WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud
WhatsApp on Friday announced it will roll out support for end-to-end encrypted chat backups on the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner. The optional feature,...
Telegram Platform Abused in 'ToxicEye' Malware Campaigns
Hackers are leveraging the popular Telegram messaging app by embedding its code inside a remote access trojan RAT dubbed ToxicEye, new research has found. A victim’s computer infected with the ToxicEye malware is controlled via a hacker-operated Telegram messaging account. The ToxicEye malware ca...
Facebook Small Business Grants Spark Identity-Theft Scam
Cybercriminals are exploiting a $100 million Facebook grant program designed for small businesses impacted by the pandemic, to phish personal information and take over Facebook accounts. The perpetrators are trying to dupe people into thinking that the social network is handing out free money to...
How WeChat Censored the Coronavirus Pandemic
In China, the messaging platform blocked thousands of keywords related to the virus, a new report reveals...
Why Many People Got Mysterious Valentine’s Day Texts Today
The issue was reportedly caused by a maintenance update made to “messaging platforms of multiple carriers in the US."...
Black Hat 2019: WhatsApp Users Still Open to Message Manipulation
LAS VEGAS – Researchers at Black Hat USA 2019 demoed how known vulnerabilities in WhatsApp could still be exploited in several attacks that manipulate chats. Facebook-owned WhatsApp is a popular end-to-end encrypted messaging platform with at least 1.5 billion users. Researchers with Check Point...
SQL Injection Vulnerability in the Content Parameter of smsreportxiang.jsp File on ECS Customer Management Platform
Enterprise letter is the use of java development of a special tailored to the enterprise customer value-added SMS business, enterprise customers in the use of computers at the same time can be completed with the production of office combined with the internal SMS communication. SQL injection...