Exposure of Discourse
Message boards
83 exposure score
2,494 sites use
0 exploited
2 critical
CVEs
248 results

CVE | Severity | Title | EPSS
CVE-2023-22740 | MEDIUM | Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts | 0.7%
CVE-2022-46177 | MEDIUM | Discourse password reset link can lead to in account takeover if user changes to a new email | 0.7%
CVE-2023-23616 | LOW | Discourse membership requests lack character limit | 0.7%
CVE-2023-23620 | MEDIUM | Discourse restricted tag routes leak topic information | 0.7%
CVE-2023-28107 | MEDIUM | Discourse vulnerable to multisite DoS by spamming backups | 0.7%
CVE-2023-38706 | MEDIUM | Discourse vulnerable to DoS via drafts | 0.6%
CVE-2022-31182 | MEDIUM | Cache poisoning via maliciously-formed request in Discourse | 0.6%
CVE-2025-48954 | HIGH | Discourse vulnerable to XSS via user-provided query parameter in oauth failure flow | 0.6%
CVE-2022-24850 | MEDIUM | Category group permissions leaked in Discourse | 0.6%
CVE-2022-46159 | MEDIUM | Any authenticated Discourse user can create an unlisted topic | 0.6%
CVE-2024-37299 | MEDIUM | Discourse vulnerable to DoS via Tag Group | 0.6%
CVE-2024-24827 | MEDIUM | No rate limits on POST /uploads endpoint in Discourse | 0.6%
CVE-2024-35227 | HIGH | Discourse vulnerable to DoS through Onebox | 0.6%
CVE-2023-23624 | MEDIUM | Discourse's exclude_tags param could leak which topics had a specific hidden tag | 0.6%
CVE-2023-36818 | MEDIUM | Denial of service via User Custom Sidebar Section Unlimited Link Creation in discourse | 0.6%
CVE-2023-28112 | MEDIUM | Discourse's SSRF protection missing for some FastImage requests | 0.6%
CVE-2023-22453 | MEDIUM | Discourse vulnerable to exposure of user post counts per topic to unauthorized users | 0.6%
CVE-2023-38498 | MEDIUM | Discourse vulnerable to DoS via defer queue | 0.6%
CVE-2022-23549 | MEDIUM | Discourse vulnerable to bypass of post max_length using HTML comments | 0.6%
CVE-2023-22454 | HIGH | Discourse vulnerable to Cross-site Scripting through pending post titles descriptions | 0.6%