
23 matches found

CNVD
added 2026/04/10 12:0 a.m. | 1 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17249)

Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. An information disclosure vulnerability exists in Discourse. The vulnerability stems from the fact that an authenticated user can send an...

4.3 CVSS | 5.7 AI score | 0.00048 EPSS
Exploits: 0

OSV
added 2026/03/20 10:58 p.m. | 1 views

CVE-2026-33411 Discourse's solved topic stream has potential stored XSS in topic title

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a potential stored XSS in topic titles for the solved posts stream. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, ensure that the Content Securi...

5.4 CVSS | 5.9 AI score | 0.0002 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/03/19 9:17 p.m. | 17 views

CVE-2026-27934 Discourse leaks private topic title and post excerpt via user action API endpoint

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure of the title and post excerpt to unauthorized users, leading to information disclosure. Versions...

8.7 CVSS | 0.00063 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/19 9:17 p.m. | 0 views

CVE-2026-27934 Discourse leaks private topic title and post excerpt via user action API endpoint

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a lack of visibility checks with a user action API endpoint that results in disclosure of the title and post excerpt to unauthorized users, leading to information disclosure. Versions...

8.7 CVSS | 5.8 AI score | 0.00063 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/01/28 12:0 a.m. | 1 views

aSc TimeTables security vulnerability

aSc TimeTables is an automated course scheduling software developed by the Slovak company aSc. The aSc TimeTables 2021.6.2 version contains a security vulnerability; this vulnerability arises from the possibility of the topic title field being overwritten with excessive data, which could lead to ...

7.5 CVSS | 5.8 AI score | 0.00094 EPSS
Exploits: 0 | References: 4

Patchstack
added 2025/12/31 12:0 a.m. | 4 views

WordPress BuddyBoss Platform plugin <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bbp_topic_title' vulnerability

Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bbp_topic_title' vulnerability discovered by Kaique Peres in WordPress Plugin BuddyBoss Platform versions <= 2.8.50...

6.4 CVSS | 5.3 AI score | 0.00122 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-29838

Malware in sbrugna...

5.4 CVSS | 5.6 AI score | 0.00281 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/10/03 12:45 a.m. | 7 views

CVE-2025-60782

PHP Education Manager v1.0 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the Title field during topic creation or updates...

5.7 AI score | 0.00026 EPSS
Exploits: 1 | References: 1

CVE
added 2025/10/02 12:0 a.m. | 7 views

CVE-2025-60782

PHP Education Manager v1.0 is vulnerable to a stored Cross Site Scripting (XSS) in the topics.php module. The Title field used when creating or updating topics can inject malicious JavaScript, which can execute in affected users’ browsers. Affected product: PHP Education Manager v1.0; vulnerable ...

5.4 CVSS | 5.3 AI score | 0.00026 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2025/06/09 12:33 p.m. | 54 views

CVE-2025-48062

Technical details about CVE-2025-48062 are not publicly disclosed in the provided documents. Monitor for updates from official sources.

7.1 CVSS | 7 AI score | 0.00242 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/06/09 12:33 p.m. | 2 views

CVE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...

7.1 CVSS | 6.8 AI score | 0.00242 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/22 4:53 p.m. | 5 views

CVE-2020-9007

Codoforum 4.8.8 allows self-XSS via the title of a new topic...

5.4 CVSS | 7 AI score | 0.00281 EPSS
Exploits: 1 | References: 1

CVE
added 2023/07/14 9:14 p.m. | 55 views

CVE-2023-36466

CVE-2023-36466 affects Discourse (open source discussion platform). The vulnerability lets a user bypass topic title validations (e.g., title length, emoji count, blank titles) when editing a topic. The root cause is a failure to enforce title validation in the editing flow. Impact is limited to ...

4.3 CVSS | 4.1 AI score | 0.00051 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/07/14 9:14 p.m. | 11 views

CVE-2023-36466 Topic Title Validation Skipped When Changing Category in Discourse

Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passe...

3.5 CVSS | 6.7 AI score | 0.00051 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2023/07/14 12:0 a.m. | 15 views

Discourse 3.1.x < 3.1.0.beta6 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse"; ifdescripti...

6.8 CVSS | 5.1 AI score | 0.00166 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2023/07/14 12:0 a.m. | 14 views

Discourse < 3.0.5 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse"; ifdescripti...

6.8 CVSS | 5.1 AI score | 0.00166 EPSS
Exploits: 0 | References: 2

CNNVD
added 2023/07/14 12:0 a.m. | 1 views

Discourse Authorization Issue Vulnerability

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. Discourse suffers from an authorization issue vulnerability that stems from allowing attackers to bypass topic title validation. Affected products and versions:...

4.3 CVSS | 5.1 AI score | 0.00051 EPSS
Exploits: 0 | References: 2

OSV
added 2020/02/16 8:15 p.m. | 1 views

CVE-2020-9007

Codoforum 4.8.8 allows self-XSS via the title of a new topic...

5.4 CVSS | 6.1 AI score | 0.00281 EPSS
Exploits: 1 | References: 1

NVD
added 2009/08/21 11:30 a.m. | 7 views

CVE-2009-2919

Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field...

3.5 CVSS | 5.3 AI score | 0.00179 EPSS
Exploits: 1 | References: 3

Cvelist
added 2009/08/21 10:0 a.m. | 14 views

CVE-2009-2919

Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field...

5.3 AI score | 0.00179 EPSS
Exploits: 1 | References: 3