
36 matches found

CNNVD
added 2026/03/19 12:00 a.m., 3 views

Discourse Security Vulnerability

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have security vulnerabilities. These vulnerabilities stem from two...

5.4 CVSS, 5.8 AI score, 0.00051 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/03/19 12:00 a.m., 4 views

Discourse Information Disclosure Vulnerability

Discourse is an open-source community discussion platform from Discourse. The platform includes features such as communities, e-mail and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from the /private-posts endpoint not applying post type...

6.5 CVSS, 5.7 AI score, 0.0002 EPSS
Exploits: 0, References: 4

CNVD
added 2026/03/09 12:00 a.m., 3 views

Discourse Access Control Error Vulnerability (CNVD-2026-17484)

Discourse is an open-source community discussion platform from Discourse. The platform includes features such as communities, e-mail and chat rooms. Discourse suffers from an Access Control Error vulnerability that stems from a Chat::AddUsersToChannel add member that bypasses private...

5.3 CVSS, 5.7 AI score, 0.00047 EPSS
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2008-6048

Malware in sbrugna...

7.5 CVSS, 6.4 AI score, 0.00414 EPSS
Exploits: 1, References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-6278

Malware in sbrugna...

5.1 CVSS, 6.4 AI score, 0.04605 EPSS
Exploits: 1, References: 6

OSV
added 2025/02/20 10:31 a.m., 11 views

BIT-DISCOURSE-2024-56197 Users can see other user's tagged PMs in Discourse

Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the late...

4.9 CVSS, 3.8 AI score, 0.00144 EPSS
Exploits: 0, References: 2

Malwarebytes
added 2021/05/14 8:26 a.m., 40 views

WhatsApp calls and messages will break unless you share data with Facebook

WhatsApp told users last week that there was no need for alarm regarding an upcoming privacy policy deadline, as users who refuse to accept the privacy policy will not have their accounts deleted—they will just have their apps rendered useless, eventually incapable of receiving calls and messages...

6.8 AI score
Exploits: 0

0day.today
added 2020/06/09 12:00 a.m., 87 views

WebUntis 2020.12.1 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications I. VULNERABILITY ------------------------- WebUntis 2020.12.1 - Authenticated Cross Site Scripting II. BACKGROUND ------------------------- WebUntis is a tool for schools and universities to deliver electronic timetables to their students...

7.4 AI score
Exploits: 0

Packet Storm
added 2020/06/09 12:00 a.m., 391 views

WebUntis 2020.12.1 Cross Site Scripting

I. VULNERABILITY ------------------------- WebUntis 2020.12.1 - Authenticated Cross Site Scripting II. BACKGROUND ------------------------- WebUntis is a tool for schools and universities to deliver electronic timetables to their students. Depending from the activated modules it does also contain...

0.2 AI score
Exploits: 0

Hacker One
added 2020/01/05 1:56 a.m., 29 views

Concrete CMS: Cross Site Scripting (XSS) Stored - Private messaging

• Title: concrete5-8.5.2 Cross Site Scripting XSS Stored - Private messaging • Keyword: crayons • Software : concrete5 • Product Version: 8.5.2 • Vulnerability : Cross Site Scripting XSS Stored • Vulnerable component: Private messaging concrete5 latest version 8.5.2 suffer from persistent Stored...

5.6 AI score
Exploits: 0

FreeBSD
added 2019/06/10 12:00 a.m., 17 views

mybb -- vulnerabilities

mybb Team reports: High risk: Theme import stylesheet name RCE High risk: Nested video MyCode persistent XSS Medium risk: Find Orphaned Attachments reflected XSS Medium risk: Post edit reflected XSS Medium risk: Private Messaging folders SQL injection Low risk: Potential phar deserialization...

1.9 AI score
Exploits: 0, References: 1

CNVD
added 2019/05/14 12:00 a.m., 2 views

XSS Vulnerability at Private Messages in JEESNS System

JEESNS is an open-source social management system developed on the Java enterprise-level platform. The JEESNS system has an XSS vulnerability in private messages; an attacker can use the vulnerability to inject arbitrary web script or HTML...

6.4 AI score
Exploits: 0

Wired Threat Level
added 2019/03/23 1:00 p.m., 112 views

Kushner Used WhatsApp, a Very Bad Database Leak, and More Security News This Week

The president's daughter and son-in-law used private messaging against the rules, and more security news this week...

0.3 AI score
Exploits: 0

Hacker One
added 2017/03/02 8:17 p.m., 15 views

HackerOne: Transitioning a Private Program to Public Does Not Clear Previously Private Updates to Hackers

Summary: Transitioning a private program to public does not clear the previously private updates to hackers Description Include Impact: If you are managing a private bug bounty program and choose to message hackers in the program with a targeted bounty campaign or other limited / private messagin...

6.7 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 40 views

Barter Sites 1.3 Joomla Component Multiple Vulnerabilities

No description provided by source. Barter Sites 1.3 Component Joomla SQL Injection & Persistent XSS vulnerabilities Release Date Bug. 28-Oct-2011 Date Added. 01-Oct-2011 Vendor Notification Date. Never Product. Barter Sites Platform. Joomla Affected versions. 1.3 Type. Commercial Price. $99 Attac...

7.1 AI score
Exploits: 0

seebug.org
added 2013/12/29 12:00 a.m., 19 views

easytalk: An XSS That Hits Wherever You Point

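Brief description: Detailed explanation: The XSS occurs in private messages. Enter the XSS code: and it triggers, stealing cookies. Proof of vulnerability: As a bonus, here is a reflected one as well: http://www.hahawb.cn/?m=app&a=applist&keyword=%22%3E%3Cimg%20src=1%20onerror=%22alert%281%29%22/%3E...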

7.1 AI score
Exploits: 0

securityvulns
added 2013/05/06 12:00 a.m., 210 views

SEC Consult 20130417-0 :: Multiple vulnerabilities in Sosci Survey

SEC Consult Vulnerability Lab Security Advisory 20130417-0 ======================================================================= title: Multiple vulnerabilities in Sosci Survey product: Sosci Survey vulnerable version: 2.3.04a fixed version: 2.3.04a impact: Critical homepage:...

0.2 AI score
Exploits: 0

0day.today
added 2010/07/10 12:00 a.m., 34 views

Joomla Component com_soundset LFI Vulnerability

Exploit for php platform in category web applications. Joomla Component com_soundset LFI Vulnerability...

7.1 AI score
Exploits: 0

0day.today
added 2010/06/19 12:00 a.m., 27 views

Kubelance SQL Injection Vulnerability

Exploit for php platform in category web applications. Kubelance SQL Injection Vulnerability...

7.1 AI score
Exploits: 0

seebug.org
added 2010/01/06 12:00 a.m., 18 views

XOOPS modules/pm/readpmsg.php Page Cross-Site Scripting Vulnerability

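BUGTRAQ ID: 37594 Xoops is a very popular dynamic web content management system written in object-oriented PHP. Xoops does not properly filter the op parameter submitted to the modules/pm/readpmsg.php page before returning it to the user; a remote attacker can perform a cross-site scripting attack by submitting a request with malicious parameters, causing arbitrary HTML and script code to execute in the user's browser session. A successful attack requires the Private Messaging module to be installed. Xoops 2.x Vendor patch: Xoops ----- The vendor has released an upgrade patch that fixes this security issue; please download it from the vendor's homepage:...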

6.9 AI score
Exploits: 0