
15 matches found

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2022-28589

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00543
Exploits 0 | References 3

RedhatCVE
added 2025/05/22 7:46 p.m. | 6 views

CVE-2021-32764

Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. The issue is...

CVSS 8.1 | AI score 5.9 | EPSS 0.00237
Exploits 0 | References 1

RedhatCVE
added 2025/02/07 5:49 p.m. | 8 views

CVE-2024-53851

Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This...

CVSS 6.5 | AI score 6.4 | EPSS 0.00184
Exploits 0 | References 1

Vulnrichment
added 2025/02/04 9:16 p.m. | 13 views

CVE-2024-53851 Partial denial of service via inline oneboxes in Discourse

Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This...

CVSS 4.3 | AI score 6.8 | EPSS 0.00184
Exploits 0 | References 2

Cvelist
added 2025/02/04 9:16 p.m. | 9 views

CVE-2024-53851 Partial denial of service via inline oneboxes in Discourse

Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This...

CVSS 4.3 | EPSS 0.00184
Exploits 0 | References 2

OSV
added 2025/02/04 8:55 p.m. | 1 views

CVE-2024-56328 HTMLi(XSS without CSP) via Onebox urls in Discourse

Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are...

CVSS 6.5 | AI score 7 | EPSS 0.00147
Exploits 0 | References 3

Cvelist
added 2024/07/03 6:23 p.m. | 19 views

CVE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

CVSS 4.2 | EPSS 0.00174
Exploits 0 | References 3

Vulnrichment
added 2024/07/03 6:23 p.m. | 17 views

CVE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

CVSS 4.2 | AI score 7.1 | EPSS 0.00174
Exploits 0 | References 3

OSV
added 2024/03/06 11:10 a.m. | 24 views

BIT-DISCOURSE-2021-32764 YouTube Onebox susceptible to XSS

Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. The issue is...

CVSS 8.1 | AI score 6.2 | EPSS 0.00237
Exploits 0 | References 2

OSV
added 2021/07/15 9:15 p.m. | 19 views

CVE-2021-32764

Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. The issue is...

CVSS 5.4 | AI score 5.9
Exploits 0 | References 1

NVD
added 2021/07/15 9:15 p.m. | 19 views

CVE-2021-32764

Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. The issue is...

CVSS 8.1 | EPSS 0.00237
Exploits 0 | References 1

Prion
added 2021/07/15 9:15 p.m. | 19 views

Design/Logic Flaw

Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. The issue is...

CVSS 3.5 | AI score 5.1 | EPSS 0.00237
Exploits 0 | References 1 | Affected Software 1

CVE
added 2021/07/15 8:40 p.m. | 82 views

CVE-2021-32764

Discourse XSS CVE-2021-32764 affects Discourse 2.7.5 and earlier through YouTube Oneboxes parsing/rendering when Content Security Policy is modified or disabled. Root cause is unsafe processing of YouTube Oneboxes; impact is cross-site scripting in affected sites. Affected versions are fixed in s...

CVSS 8.1 | AI score 5.5 | EPSS 0.00237
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2021/07/15 12:00 a.m. | 2 views

PT-2021-19913 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions 2.7.5 and prior Description: Discourse is an open-source discussion platform. The parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks in versions where the default Content Security Policy has been...

CVSS 8.1 | AI score 5.9 | EPSS 0.00237
Exploits 0 | References 7

CNNVD
added 2021/07/15 12:00 a.m. | 2 views

Discourse cross-site scripting vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A cross-site scripting vulnerability exists in Discourse 2.7.5 and prior versions, which stems from the fact that parsing and rendering YouTube Oneboxes may be vulnerable to...

CVSS 8.1 | AI score 5.1 | EPSS 0.00237
Exploits 0 | References 3