Exposure of Discourse
Message boards

83 exposure score
2,494 sites use
0 exploited
2 critical

CVEs
248 results

CVE | Severity | Title | EPSS
CVE-2023-29196 | MEDIUM | HTML injection via topic embedding in Discourse | 0.3%
CVE-2026-27936 | MEDIUM | Discourse discloses restricted post-action counts to non-privileged users | 0.3%
CVE-2026-32099 | MEDIUM | Discourse prevents hidden profile data leak via user onebox | 0.3%
CVE-2025-68662 | HIGH | FinalDestination hostname matching allows SSRF protection bypass | 0.3%
CVE-2025-49845 | MEDIUM | Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers | 0.3%
CVE-2026-33394 | LOW | Discourse leaks PM post edits to moderators | 0.3%
CVE-2026-33422 | LOW | Discourse exposes ip_address of flagged user | 0.3%
CVE-2026-27021 | MEDIUM | Discourse: Poll voters endpoint lacked post visibility checks | 0.3%
CVE-2022-23546 | MEDIUM | Discourse vulnerable to private topic leak via email#send_digest | 0.3%
CVE-2026-30889 | MEDIUM | Discourse has Unauthorized Post Data Exposure in discourse-user-notes | 0.3%
CVE-2026-33408 | LOW | Discourse has Improper Authorization in "Post Edits" Report For Moderators | 0.3%
CVE-2024-52794 | MEDIUM | Magnific lightbox susceptible to Cross-site Scripting in Discourse | 0.3%
CVE-2026-33428 | MEDIUM | Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership | 0.3%
CVE-2025-59337 | MEDIUM | Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments | 0.3%
CVE-2026-27935 | MEDIUM | Discourse leaks private topic metadata to non-authorized users | 0.3%
CVE-2023-45147 | MEDIUM | Arbitrary keys can be added to a topic's custom fields by any user in Discourse | 0.3%
CVE-2024-53994 | MEDIUM | Potential bypass of chat permissions in Discourse | 0.3%
CVE-2023-45816 | LOW | Unread bookmark reminder notifications that the user cannot access can be seen | 0.3%
CVE-2026-44786 | HIGH | Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users | 0.3%
CVE-2024-53266 | MEDIUM | Cross-site Scripting (XSS) via topic titles when CSP disabled in Discourse | 0.3%