CVE-2023-22455

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full...

CVE-2023-22454

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...

CVE-2023-22453

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the /u/username.json endpoint. The issue...

BIT-DISCOURSE-2023-22453 Discourse vulnerable to exposure of user post counts per topic to unauthorized users

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the /u/username.json endpoint. The issue...

BIT-DISCOURSE-2023-22454 Discourse vulnerable to Cross-site Scripting through pending post titles descriptions

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...

Design/Logic Flaw

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the /u/username.json endpoint. The issue...

CVE-2023-22455 Discourse vulnerable to Cross-site Scripting through tag descriptions

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full...

CVE-2023-22454 Discourse vulnerable to Cross-site Scripting through pending post titles descriptions

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...