BIT-DISCOURSE-2022-31060 Banner topic data is exposed on login-required Discourse sites

Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the beta and tests-passed branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the stable branch and version 2.9.0.beta5 in...

BIT-DISCOURSE-2022-39232

Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete...

Discourse 2.9.0.beta5 - 2.9.0.beta9 DoS Vulnerability

Discourse is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"...

Design/Logic Flaw

Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete...

CVE-2022-39232 Discourse vulnerable to incomplete quote causing a topic to crash in the browser

Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete...

CVE-2022-39232 Discourse vulnerable to incomplete quote causing a topic to crash in the browser

Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete...

CVE-2022-31060

Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the beta and tests-passed branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the stable branch and version 2.9.0.beta5 in...

Design/Logic Flaw

Discourse is an open-source discussion platform. Prior to version 2.8.4 in the stable branch and version 2.9.0.beta5 in the beta and tests-passed branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the stable branch and version 2.9.0.beta5 in...

CVE-2022-31060

Discourse banner topic data exposure affects versions prior to 2.8.4 (stable) and prior to 2.9.0.beta5 (beta/tests-passed). The vulnerability exposes banner topic data on login-required sites. Fixes are in Discourse 2.8.4 (stable) and 2.9.0.beta5 (beta/tests-passed); as a workaround, banners can ...

Discourse 2.8.0.beta6 < 2.9.0.beta5 XSS Vulnerability

Discourse is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...