CVE-2023-43657 Improper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration

discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting XSS issue when a site has content security policy CSP headers disabled. Having CSP disabled is a non-default configuration...

CVE-2023-5223

A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the publi...

CVE-2023-5223

A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the publi...

Design/Logic Flaw

A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the publi...

CVE-2023-5223 HimitZH HOJ Topic sandbox

A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the publi...

CVE-2023-5223 HimitZH HOJ Topic sandbox

A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the publi...

HimitZH HOJ Security Breach

HimitZH HOJ is an online review system for HimitZH individual developers. A security vulnerability exists in HimitZH HOJ version 4.6-9a65e3f, which stems from an unknown handler in the component Topic Handler, resulting in a sandboxing issue...

PT-2023-31941 · Unknown · Himitzh Hoj

Name of the Vulnerable Software and Affected Versions: HimitZH HOJ versions up to 4.6-9a65e3f Description: A critical issue has been found in the Topic Handler component, leading to a sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

Enhancesoft osTicket SQL Injection Vulnerability

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. A security vulnerability exists in Enhancesoft osTicket v1.15.6, which originates from an SQL injection vulnerability in the Search function of the tickets.php page, allowing an authenticated attacker to execute...

CVE-2023-32678 Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...

Exploit for Improper Authentication in Ivanti Endpoint_Manager_Mobile

CVE-2023-35078-Poc-Exploit This tool is built in golang langua...

Design/Logic Flaw

Discourse is an open source discussion platform. Prior to version 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of th...

PT-2023-26549 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.6 of the stable branch and version 3.1.0.beta7 of the beta and tests-passed branches. Description: Discourse is an open source discussion platform. Information about restricted-visibility topic tags could be...

The vulnerability of the Discourse mailing list management software lies in the insufficient verification of input data, allowing attackers to compromise the integrity and accessibility of the protected information.

The vulnerability of the Discourse mailing list management software is related to insufficient validation of input data during the processing of topic headers. Exploitation of this vulnerability could allow a malicious actor to compromise the integrity and accessibility of the protected informati...

CVE-2023-36466

Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passe...

CVE-2023-36466

CVE-2023-36466 affects Discourse (open source discussion platform). The vulnerability lets a user bypass topic title validations (e.g., title length, emoji count, blank titles) when editing a topic. The root cause is a failure to enforce title validation in the editing flow. Impact is limited to ...

CVE-2023-36466 Topic Title Validation Skipped When Changing Category in Discourse

Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passe...

Incorrect Authorization

org.apache.pulsar:pulsar-broker is vulnerable to Incorrect Authorization. An authenticated users is able to send messages to any topic utilizing the broker's admin role by using the library's Rest producer. There are two risks for the impacted users: an attacker might send useless messages to any...

Discourse 授权问题漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. Discourse suffers from an authorization issue vulnerability that stems from allowing attackers to bypass topic title validation. Affected products and versions:...

Discourse < 3.0.5 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...