CVE-2025-48053 Discourse vulnerable to DoS via large URL payload in PM to a bot

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance...

CVE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

PT-2024-26909 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch Discourse versions prior to 3.3.0.beta4 on the beta and tests-passed branches Description: The issue affects moderators using the review queue, allowing them to see a user's email address...

PT-2024-27341 · Discourse +1 · Discourse +1

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch Discourse versions prior to 3.3.0.beta4 on the beta and tests-passed branches Description: Discourse is an open-source discussion platform. A malicious actor could get the FastImage libra...

BIT-DISCOURSE-2021-32764 YouTube Onebox susceptible to XSS

Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. The issue is...

BIT-DISCOURSE-2021-39161 Cross-site scripting via category name in Discourse

Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scriptingXSS attacks. This is mitigated by Discourse's default Content Security Policy and this vulnerability only affects sites which have modified or disabled or changed...

BIT-DISCOURSE-2022-24850 Category group permissions leaked in Discourse

Discourse is an open source platform for community discussion. A category's group permissions settings can be viewed by anyone that has access to the category. As a result, a normal user is able to see whether a group has read/write permissions in the category even though the information should...

BIT-DISCOURSE-2022-31025 Invite bypasses user approval in Discourse

Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the stable branch and 2.9.0 on the beta and tests-passed branches, inviting users on sites that use single sign-on could bypass the mustapproveusers check and invites by staff are always approved automaticall...

BIT-DISCOURSE-2022-31060 Banner topic data is exposed on login-required Discourse sites

Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the beta and tests-passed branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the stable branch and version 2.9.0.beta5 in...

BIT-DISCOURSE-2023-23622 Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users

Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or...

BIT-DISCOURSE-2023-23624 Discourse's exclude_tags param could leak which topics had a specific hidden tag

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...

BIT-DISCOURSE-2023-25819 Discourse tags with no visibility are leaking into og:article:tag

Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the tests-passed or beta branches = 3.1.0.beta2. The issue is patched in the latest beta and tests-passed version of Discourse...

BIT-DISCOURSE-2023-28111 Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses

Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, attackers are able to bypass Discourse's server-side request forgery SSRF protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The issue is patched in the...

BIT-DISCOURSE-2023-28112 Discourse's SSRF protection missing for some FastImage requests

Discourse is an open-source discussion platform. Prior to version 3.1.0, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the Discourse server to private IP addresses. This...

BIT-DISCOURSE-2023-30538 Stored Cross-site Scripting via improper sanitization of svg files in Discourse

Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Use...

BIT-DISCOURSE-2023-32301 Discourse's canonical url not being used for topic embeddings

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...

BIT-DISCOURSE-2023-38706 Discourse vulnerable to DoS via drafts

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the stable branch...

BIT-DISCOURSE-2023-40588 Discourse DoS via 2FA and Security Key Names

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users...

BIT-DISCOURSE-2023-41043 Discourse DoS via SvgSprite cache

Discourse is an open-source discussion platform. Prior to version 3.1.1 of the stable branch and version 3.2.0.beta1 of the beta and tests-passed branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server...

BIT-DISCOURSE-2023-45806 Discourse vulnerable to DoS via Regexp Injection in Full Name

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...