Exposure of Discourse

Message boards

83 exposure score
2,494 sites use
0 exploited
2 critical

CVEs

248 results
CVE | Severity | Title | EPSS
CVE-2022-41921 | LOW | Discourse chat messages should have a maximum character limit | 0.5%
CVE-2023-23935 | LOW | Presence of restricted personal Discourse messages may be leaked if tagged with a tag | 0.5%
CVE-2022-39385 | MEDIUM | Users erroneously and transparently added to private messages in Discourse | 0.5%
CVE-2023-25819 | MEDIUM | Discourse tags with no visibility are leaking into og:article:tag | 0.5%
CVE-2024-28242 | MEDIUM | Disclosure of the existence of secret categories with custom backgrounds in Discourse | 0.5%
CVE-2024-23834 | MEDIUM | Discourse improperly sanitized user input leads to XSS | 0.5%
CVE-2022-39378 | MEDIUM | Displaying user badges can leak topic titles to users that have no access to the topic | 0.5%
CVE-2022-31096 | MEDIUM | Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse | 0.5%
CVE-2023-22455 | MEDIUM | Discourse vulnerable to Cross-site Scripting through tag descriptions | 0.5%
CVE-2024-38360 | MEDIUM | Denial of service via Watched Words in Discourse | 0.5%
CVE-2024-24748 | MEDIUM | Disclosure of the existence of secret subcategories in Discourse | 0.5%
CVE-2022-46148 | HIGH | Discourse allows self-XSS through malicious composer message | 0.5%
CVE-2023-23615 | MEDIUM | Malicious users in Discourse can create spam topics as any user due to improper access control | 0.5%
CVE-2023-25172 | MEDIUM | Discourse vulnerable to Cross-site Scripting - user name displayed on post | 0.5%
CVE-2023-37906 | MEDIUM | Discourse vulnerable to DoS via post edit reason | 0.4%
CVE-2022-41944 | LOW | Discourse users can see notifications for topics they no longer have access to | 0.4%
CVE-2024-43789 | HIGH | Denial of service by the absence of restrictions on replies to posts in Discourse | 0.4%
CVE-2025-53102 | HIGH | Discourse's WebAuthn challenge isn't cleared from user session after authentication | 0.4%
CVE-2023-32301 | LOW | Discourse's canonical url not being used for topic embeddings | 0.4%
CVE-2024-53851 | MEDIUM | Partial denial of service via inline oneboxes in Discourse | 0.4%
