Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/08/21 5:29 p.m.13 views

CVE-2025-54411

Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcomebanner.header.loggedinmembers site text to remove the...

5.4CVSS6AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 2025/08/19 5:15 p.m.9 views

CVE-2025-54411

Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcomebanner.header.loggedinmembers site text to remove the...

5.4CVSS0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/19 4:41 p.m.9 views

CVE-2025-54411 Discourse welcome banner user name XSS

Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcomebanner.header.loggedinmembers site text to remove the...

2.4CVSS0.00187EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/19 4:41 p.m.4 views

CVE-2025-54411 Discourse welcome banner user name XSS

Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcomebanner.header.loggedinmembers site text to remove the...

2.4CVSS6AI score0.00187EPSS
Exploits0References2
OSV
OSV
added 2025/08/19 4:41 p.m.6 views

CVE-2025-54411 Discourse welcome banner user name XSS

Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcomebanner.header.loggedinmembers site text to remove the...

2.4CVSS6AI score0.00187EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/06/26 12:0 a.m.4 views

Discourse 3.5.x < 3.5.0.beta8 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescripti...

9.8CVSS5.8AI score0.00451EPSS
Exploits0References3
NVD
NVD
added 2025/06/25 4:15 p.m.8 views

CVE-2025-49845

Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...

7.5CVSS0.00337EPSS
Exploits0References1
OSV
OSV
added 2025/06/25 3:39 p.m.6 views

CVE-2025-49845 Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers

Discourse is an open-source discussion platform. The visibility of posts typed whisper is controlled via the whispersallowedgroups site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed whisper. However, it has been discovered that users of...

6.3CVSS6.3AI score0.00337EPSS
Exploits0References3
Rows per page
Query Builder