Exposure of Discourse

Category: Message boards
Exposure score: 83
Sites using Discourse: 2,494
Exploited: 0
Critical: 2

CVEs
248 results

CVE | Severity | Title | EPSS
CVE-2024-27085 | MEDIUM | Denial of service through invites in Discourse | 0.6%
CVE-2023-25167 | MEDIUM | Regular expression denial of service via installing themes via git in Discourse | 0.6%
CVE-2024-21655 | MEDIUM | Insufficient control of custom field value sizes | 0.6%
CVE-2021-41095 | MEDIUM | XSS via blocked watched word in error message | 0.6%
CVE-2022-31184 | MEDIUM | Email activation route can be abused by spammers in Discourse | 0.6%
CVE-2022-39356 | HIGH | Discourse user account takeover via email and invite link | 0.6%
CVE-2024-27100 | MEDIUM | Denial of service via Staff Actions in Discourse | 0.6%
CVE-2023-28111 | MEDIUM | Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses | 0.6%
CVE-2021-32764 | HIGH | YouTube Onebox susceptible to XSS | 0.5%
CVE-2023-23622 | MEDIUM | Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users | 0.5%
CVE-2023-44388 | HIGH | Malicious requests can fill up the log files resulting in a denial of service in Discourse | 0.5%
CVE-2023-38684 | MEDIUM | Discourse vulnerable to possible DDoS due to unbounded limits in various controller actions | 0.5%
CVE-2022-46150 | MEDIUM | Discourse may allow exposure of hidden tags in the subject of notification emails | 0.5%
CVE-2022-46168 | LOW | Group SMTP user emails are exposed in CC email header | 0.5%
CVE-2022-39241 | HIGH | Possible Server-Side Request Forgery (SSRF) in webhooks | 0.5%
CVE-2023-48297 | HIGH | Discourse vulnerable to unlimited mentioned users in message serializer | 0.5%
CVE-2023-41043 | MEDIUM | Discourse DoS via SvgSprite cache | 0.5%
CVE-2023-40588 | MEDIUM | Discourse DoS via 2FA and Security Key Names | 0.5%
CVE-2023-41042 | MEDIUM | Discourse DoS via remote theme assets | 0.5%
CVE-2023-22468 | HIGH | Discourse vulnerable to Cross-site Scripting in local oneboxes | 0.5%