
139 matches found

CNNVD
added 2024/12/19 12:00 a.m. · 4 views

Discourse information disclosure vulnerability

Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse has an authorization vulnerability that stems from improper privilege management in the Filter Email List feature in the...

CVSS 2.7 · AI score 6.9 · EPSS 0.00246
Exploits 0 · References 2
OSV
added 2024/07/09 8:43 a.m. · 16 views

BIT-DISCOURSE-2024-36122 Discourse doesn't limit reviewable user serializer payload

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a user's email address even when the Allow moderators to view email addresses settin...

CVSS 4.3 · AI score 4.3 · EPSS 0.00366
Exploits 0 · References 4
NVD
added 2024/07/03 8:15 p.m. · 22 views

CVE-2024-36122

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a user's email address even when the Allow moderators to view email addresses settin...

CVSS 4.3 · EPSS 0.00366
Exploits 0 · References 3
Vulnrichment
added 2024/07/03 7:10 p.m. · 17 views

CVE-2024-36122 Discourse doesn't limit reviewable user serializer payload

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a user's email address even when the Allow moderators to view email addresses settin...

CVSS 2.4 · AI score 6.5 · EPSS 0.00366
Exploits 0 · References 3
Cvelist
added 2024/07/03 7:10 p.m. · 33 views

CVE-2024-36122 Discourse doesn't limit reviewable user serializer payload

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a user's email address even when the Allow moderators to view email addresses settin...

CVSS 2.4 · EPSS 0.00366
Exploits 0 · References 3
CVE
added 2024/07/03 7:10 p.m. · 68 views

CVE-2024-36122

Discourse vulnerability CVE-2024-36122 affects the open-source forum platform: moderators reviewing users in the review queue could see a user’s email address when the setting to “Allow moderators to view email addresses” is disabled. The issue affects versions prior to 3.2.3 on the stable branch...

CVSS 4.3 · AI score 4 · EPSS 0.00366
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/07/03 7:10 p.m. · 27 views

CVE-2024-36122 Discourse doesn't limit reviewable user serializer payload

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a user's email address even when the Allow moderators to view email addresses settin...

CVSS 2.4 · AI score 6.4 · EPSS 0.00366
Exploits 0 · References 5
Cvelist
added 2024/07/03 7:07 p.m. · 44 views

CVE-2024-36113 Discourse missing authorization checks for suspending admins/moderators

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users, preventing them from logging in to the site. The issue i...

CVSS 4.9 · EPSS 0.00418
Exploits 0 · References 3
Veracode
added 2024/05/28 5:01 a.m. · 8 views

Cross-Site Request Forgery (CSRF)

Silverstripe/forum is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to form actions being directly accessible, allowing an attacker to use GET requests to create members and post to forums, and to trick moderators into clicking crafted URLs to move topics...

AI score 7
Exploits 0
OSV
added 2024/03/06 11:09 a.m. · 19 views

BIT-DISCOURSE-2021-39161 Cross-site scripting via category name in Discourse

Discourse is an open source platform for community discussion. In affected versions, category names can be used for cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content Security Policy, and this vulnerability only affects sites which have modified or disabled or changed...

CVSS 5.4 · AI score 5.4 · EPSS 0.00413
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 6:16 a.m. · 3 views

SUSE CVE-2005-3895

Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary w...

CVSS 5.8 · AI score 6.6 · EPSS 0.0205
Exploits 0 · References 4
CNNVD
added 2023/01/05 12:00 a.m. · 5 views

Discourse cross-site scripting vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability that stems from tag descriptions, which can be updated by moderators, allowing an attacker to implement cross-sit...

CVSS 6.8 · AI score 5.4 · EPSS 0.00478
Exploits 0 · References 3
NVD
added 2022/11/14 9:15 p.m. · 28 views

CVE-2022-41913

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...

CVSS 5.4 · EPSS 0.00375
Exploits 0 · References 2
Prion
added 2022/11/14 9:15 p.m. · 18 views

Design/Logic Flaw

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...

CVSS 5.5 · AI score 5.4 · EPSS 0.00375
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/11/14 12:00 a.m. · 26 views

CVE-2022-41913 Discourse-calendar exposes members of hidden groups

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...

CVSS 4.3 · AI score 5.6 · EPSS 0.00375
Exploits 0 · References 4
Hacker One
added 2022/04/18 7:29 p.m. · 24 views

Reddit: Moderators can send messages to users from banned subreddits via `oauth.reddit.com/api/mod/conversations`

Summary: It is possible for moderators to send messages to users from a banned subreddit. I assume this is not intended considering that when trying to send a message as a banned subreddit via reddit.com/message/compose from field you get a 200 response but the message is never delivered to the...

AI score 2.8
Exploits 0
NVD
added 2021/08/26 8:15 p.m. · 21 views

CVE-2021-39161

Discourse is an open source platform for community discussion. In affected versions, category names can be used for cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content Security Policy, and this vulnerability only affects sites which have modified or disabled or changed...

CVSS 5.4 · EPSS 0.00413
Exploits 0 · References 1
OSV
added 2021/08/26 8:15 p.m. · 10 views

CVE-2021-39161

Discourse is an open source platform for community discussion. In affected versions, category names can be used for cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content Security Policy, and this vulnerability only affects sites which have modified or disabled or changed...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 1
Positive Technologies
added 2021/08/26 12:00 a.m. · 4 views

PT-2021-22418 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions. Description: The issue allows category names to be used for cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content Security Policy, and...

CVSS 5.4 · AI score 5.1 · EPSS 0.00413
Exploits 0 · References 6
Wired Threat Level
added 2021/04/21 5:00 p.m. · 42 views

A Clubhouse Bug Let People Lurk in Rooms Invisibly

The vulnerabilities opened the door to “ghosts” hiding in and disrupting rooms, where moderators would be unable to mute them...

AI score 2.7
Exploits 0