Vulnerabilities in Discourse
279 results

CVE-2023-44391 | MEDIUM | Prevent unauthorized access to summary details in Discourse | EPSS 0.4%
CVE-2024-54142 | CRITICAL | Cross-site Scripting via Discourse-ai SharedAiConversation onebox in Discourse | EPSS 0.4%
CVE-2023-34250 | MEDIUM | Discourse vulnerable to exposure of number of topics recently created in private categories | EPSS 0.4%
CVE-2024-31219 | MEDIUM | Discourse-reactions' reaction data and public topic whisper content exposed on reactions given user activity page | EPSS 0.4%
CVE-2024-26145 | MEDIUM | Uninvited user is able to join and mark the attendance of the the private event | EPSS 0.4%
CVE-2023-38685 | MEDIUM | Discourse's restricted tag information visible to unauthenticated users | EPSS 0.4%
CVE-2023-30606 | MEDIUM | Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse | EPSS 0.4%
CVE-2026-27454 | MEDIUM | Discourse has check revision visibility on posts endpoint | EPSS 0.4%
CVE-2022-36057 | MEDIUM | Discourse-Chat Cross-Site Scripting issue for channel names and descriptions | EPSS 0.4%
CVE-2024-24755 | MEDIUM | discourse-group-membership-ip-block is exposing potentially sensitive custom fields | EPSS 0.4%
CVE-2024-37165 | MEDIUM | Discourse has an XSS via Onebox system | EPSS 0.4%
CVE-2022-41913 | MEDIUM | Discourse-calendar exposes members of hidden groups | EPSS 0.4%
CVE-2022-39270 | MEDIUM | Arbitrary HTML injection in table-of-contents theme component in DiscoTOC | EPSS 0.4%
CVE-2024-35168 | MEDIUM | WordPress WP Discourse plugin <= 2.5.1 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2022-39279 | MEDIUM | Discourse-chat plugin susceptible to XSS in channel name and description | EPSS 0.4%
CVE-2024-36122 | LOW | Discourse doesn't limit reviewable user serializer payload | EPSS 0.4%
CVE-2024-45051 | HIGH | Bypass of email address validation via encoded email addresses in Discourse | EPSS 0.4%
CVE-2023-30538 | MEDIUM | Stored Cross-site Scripting via improper sanitization of svg files in Discourse | EPSS 0.4%
CVE-2024-21658 | MEDIUM | Insufficient control of region value length in discourse-calendar | EPSS 0.4%
CVE-2024-39320 | MEDIUM | Discourse allows iframe injection though default site setting | EPSS 0.4%