Lucene search

973 matches found

OpenVAS
added 2023/07/14 12:00 a.m. · 15 views

Discourse < 3.0.5 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

CVSS 6.8 · AI score 5.1 · EPSS 0.00347
Exploits 0 · References 2

OSV
added 2023/07/12 12:31 p.m. · 1 view

GHSA-J2R7-3RVW-G7GX Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

CVSS 8.2 · AI score 7.2 · EPSS 0.0058
Exploits 0 · References 3

Positive Technologies
added 2023/07/12 12:00 a.m. · 5 views

PT-2023-22685 · Apache · Apache Pulsar Broker

Name of the Vulnerable Software and Affected Versions: Apache Pulsar Broker versions 2.9.0 through 2.9.5; Apache Pulsar Broker versions 2.10.0 through 2.10.3; Apache Pulsar Broker version 2.11.0. Description: The issue is related to an Incorrect Authorization vulnerability in Apache Pulsar Broker's...

CVSS 8.2 · AI score 7.7 · EPSS 0.0058
Exploits 0 · References 6

0day.today
added 2023/07/04 12:00 a.m. · 185 views

GZ Forum Script 1.8 - Stored Cross-Site Scripting Vulnerability

Exploit Title: GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS) · Exploit Author: CraCkEr · Vendor: GZ Scripts · Vendor Homepage: https://gzscripts.com/ · Software Link: https://gzscripts.com/gz-forum-script.html · Version: 1.8 · Tested on: Windows 10 Pro · Impact: Manipulate the content of the site · Relea...

AI score 7.1
Exploits 0

Exploit DB
added 2023/07/03 12:00 a.m. · 221 views

GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)

Exploit Title: GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS) · Date: 30/06/2023 · Exploit Author: CraCkEr · Vendor: GZ Scripts · Vendor Homepage: https://gzscripts.com/ · Software Link: https://gzscripts.com/gz-forum-script.html · Version: 1.8 · Tested on: Windows 10 Pro · Impact: Manipulate the content ...

AI score 7.4
Exploits 0

Positive Technologies
added 2023/06/21 12:00 a.m. · 3 views

PT-2023-3566 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed version. Description: The issue is related to insufficient input validation when processing topic titles, allowing a remote attacker to impact the integrity and availability ...

CVSS 5.5 · AI score 4.4 · EPSS 0.00345
Exploits 0 · References 9

NVD
added 2023/06/13 10:15 p.m. · 25 views

CVE-2023-32301

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...

CVSS 5.3 · AI score 4.1 · EPSS 0.00423
Exploits 0 · References 1

Prion
added 2023/06/13 10:15 p.m. · 19 views

Design/Logic Flaw

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...

CVSS 5 · AI score 5.2 · EPSS 0.00423
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/06/13 9:41 p.m. · 6 views

CVE-2023-34250 Discourse vulnerable to exposure of number of topics recently created in private categories

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, an attacker could use the new topics dismissal endpoint to reveal the number of topics recently created but not the actual content thereof in...

CVSS 4.8 · AI score 5.1 · EPSS 0.00399
Exploits 0 · References 1

Vulnrichment
added 2023/06/13 9:35 p.m. · 8 views

CVE-2023-32301 Discourse's canonical url not being used for topic embeddings

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...

CVSS 3.1 · AI score 6.5 · EPSS 0.00423
Exploits 0 · References 1

CVE
added 2023/06/13 9:35 p.m. · 60 views

CVE-2023-32301

Discourse versions prior to 3.0.4 (stable) and 3.1.0.beta5 (beta/tests-passed) were affected by a flaw that could allow creation of multiple duplicate topics when topic embedding is enabled. The underlying issue is fixed in Discourse 3.0.4 (stable) and 3.1.0.beta5 (beta/tests-passed). A workaroun...

CVSS 5.3 · AI score 4.3 · EPSS 0.00423
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/06/13 9:35 p.m. · 35 views

CVE-2023-32301 Discourse's canonical url not being used for topic embeddings

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...

CVSS 3.1 · AI score 5.5 · EPSS 0.00423
Exploits 0 · References 1

OSV
added 2023/06/13 9:35 p.m. · 25 views

CVE-2023-32301 Discourse's canonical url not being used for topic embeddings

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...

CVSS 3.1 · AI score 5.3 · EPSS 0.00423
Exploits 0 · References 3

Positive Technologies
added 2023/06/13 12:00 a.m. · 4 views

PT-2023-23712 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.4; Discourse version 3.1.0.beta5 and earlier in the beta and tests-passed branches. Description: Discourse is an open source discussion platform. Multiple duplicate topics could be created if topic embedding is...

CVSS 5.3 · AI score 5 · EPSS 0.00423
Exploits 0 · References 8

CNNVD
added 2023/06/13 12:00 a.m. · 4 views

Discourse Security Vulnerability

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse versions prior to 3.0.4 stable, 3.1.0.beta5 and prior to 3.1.0.beta5, which stems from the possibility that multiple...

CVSS 5.3 · AI score 5.6 · EPSS 0.00423
Exploits 0 · References 1

CNNVD
added 2023/06/13 12:00 a.m. · 2 views

Discourse Security Vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse prior to 3.0.4 stable, 3.1.0.beta5, which stems from the topic creation page allowing unrestricted iFrame markup...

CVSS 5.4 · AI score 5.7 · EPSS 0.00359
Exploits 0 · References 1

CNNVD
added 2023/05/28 12:00 a.m. · 4 views

Welotec TK500 Access Control Error Vulnerability

The Welotec TK500 is an industrial-grade 4G LTE router from Welotec. The Welotec TK500 suffers from an access control error vulnerability that originates from the fact that an unauthenticated, remote attacker who knows the name of the MQTT topic can send and receive messages, including GET/SET...

CVSS 9.8 · AI score 5.6 · EPSS 0.00679
Exploits 0 · References 2

Vulnrichment
added 2023/04/19 5:21 p.m. · 8 views

CVE-2023-30611 Reaction metadata exposed in private topics in Discourse-reactions

Discourse-reactions is a plugin that allows users to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to...

CVSS 4.3 · AI score 5.2 · EPSS 0.00425
Exploits 0 · References 2

Positive Technologies
added 2023/04/19 12:00 a.m. · 3 views

PT-2023-22808 · Discourse · Discourse-Reactions

Name of the Vulnerable Software and Affected Versions: Discourse-reactions versions prior to 0.3. Description: The Discourse-reactions plugin for the Discourse messaging platform has an issue where data about reactions performed on a post in a private topic could be leaked. This affects the...

CVSS 5.3 · AI score 5.1 · EPSS 0.00425
Exploits 0 · References 6

NVD
added 2023/03/17 3:15 p.m. · 22 views

CVE-2023-23622

Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or...

CVSS 4.3 · AI score 4.5 · EPSS 0.00534
Exploits 0 · References 5