Discourse < 2.8.14 Multiple Vulnerability

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

CVE-2022-46159

Discourse (open-source discussion platform) is affected by CVE-2022-46159. Vulnerable versions: stable branch up to 2.8.13, beta/tests-passed branches up to 2.9.0.beta14. The issue allows any authenticated user to create an unlisted topic, which consumes site resources since these topics aren’t r...

CVE-2022-46159 Any authenticated Discourse user can create an unlisted topic

Discourse is an open-source discussion platform. In version 2.8.13 and prior on the stable branch and version 2.9.0.beta14 and prior on the beta and tests-passed branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take u...

CVE-2022-46159 Any authenticated Discourse user can create an unlisted topic

Discourse is an open-source discussion platform. In version 2.8.13 and prior on the stable branch and version 2.9.0.beta14 and prior on the beta and tests-passed branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take u...

XenMobile Sever - iOS Devices failing to deploy apps and policies - TOPIC MISMATCH Error

Devices not getting latest changes, and on the XMS Console we see the device information is not up to date last login, OS version, App Inventory On the logs see entries like: TOPIC MISMATCH errors 2021-10-04T16:03:42.153-0600 | Basic XXXXXXXXX| WARN | http-nio-10443-exec-3752 |...

PT-2022-26174 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.12 Discourse versions prior to 2.9.0.beta13 Description: Discourse is an open-source discussion platform. Under certain conditions, a user can see notifications for topics they no longer have access to,...

OESA-2022-2053 mosquitto security update

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

CVE-2022-40632

Cross-Site Request Forgery CSRF vulnerability in gVectors Team wpForo Forum plugin = 2.0.5 on WordPress leading to topic deletion...

CVE-2022-40632

Cross-Site Request Forgery CSRF vulnerability in gVectors Team wpForo Forum plugin = 2.0.5 on WordPress leading to topic deletion...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in gVectors Team wpForo Forum plugin = 2.0.5 on WordPress leading to topic deletion...

CVE-2022-40632 WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in gVectors Team wpForo Forum plugin = 2.0.5 on WordPress leading to topic deletion...

CVE-2022-40632 WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in gVectors Team wpForo Forum plugin = 2.0.5 on WordPress leading to topic deletion...

CVE-2022-40632

CVE-2022-40632 details a Cross-Site Request Forgery (CSRF) in the gVectors Team wpForo Forum plugin for WordPress, version

PT-2022-25430 · Gvectors Team · Wpforo Forum

Name of the Vulnerable Software and Affected Versions: gVectors Team wpForo Forum plugin versions = 2.0.5 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that can lead to topic deletion. This occurs in the gVectors Team wpForo Forum plugin on WordPress. Recommendations:...

PT-2022-24939 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: The issue affects Discourse, a platform for community discussion. Under certain conditions, a user badge may be awarded based on a user's activity in a...

CVE-2022-38902

A Cross-site scripting XSS vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic...

Cross site scripting

A Cross-site scripting XSS vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic...

Liferay DXP 跨站脚本漏洞

Liferay DXP is a digital experience collaboration platform from Liferay, Inc. A security vulnerability exists in Liferay DXP version 7.3.10 SP3, Liferay Portal versions 7.3.0 through 7.4.0, which originates from a vulnerability that could allow a remote attacker to inject arbitrary JS script or...

Discourse 跨站脚本漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A cross-site scripting vulnerability exists in versions prior to Discourse DiscoTOC 2.1.0, which stems from the lack of escaping and filtering of input data on pages that can...

PT-2022-24858 · Discotoc · Discotoc

Name of the Vulnerable Software and Affected Versions: DiscoTOC versions prior to the fixed version on the main branch Description: The issue allows users to inject arbitrary HTML on a topic's page if they can create topics in TOC-enabled categories and have a sufficient trust level. The estimate...