Vulnerabilities in Discourse

279 results
CVE | Severity | Title | EPSS
CVE-2023-32061 | MEDIUM | Discourse Topic Creation Page Allows iFrame Tag without Restrictions | 0.4%
CVE-2024-49765 | MEDIUM | Bypass of Discourse Connect using other login paths if enabled in Discourse | 0.4%
CVE-2023-26040 | MEDIUM | Discourse chat messages susceptible to Cross-site Scripting through chat excerpts | 0.4%
CVE-2024-37157 | MEDIUM | Discourse vulnerable to Server-Side Request Forgery via FastImage | 0.3%
CVE-2025-48877 | HIGH | Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe | 0.3%
CVE-2023-36473 | MEDIUM | CSP nonce reuse vulnerability in Discourse | 0.3%
CVE-2026-27570 | MEDIUM | Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox | 0.3%
CVE-2023-36466 | LOW | Topic Title Validation Skipped When Changing Category in Discourse | 0.3%
CVE-2025-22601 | LOW | Client Side Path Traversal using activate account route in Discourse | 0.3%
CVE-2025-46813 | MEDIUM | Private data leak on login-required Discourse sites | 0.3%
CVE-2025-22602 | MEDIUM | Stored DOM-based XSS (without CSP) via video placeholders in Discourse | 0.3%
CVE-2024-56328 | MEDIUM | HTMLi(XSS without CSP) via Onebox urls in Discourse | 0.3%
CVE-2024-35234 | MEDIUM | Discourse vulnerable to stored-dom XSS via Facebook Oneboxes | 0.3%
CVE-2026-28282 | LOW | Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin | 0.3%
CVE-2024-47772 | MEDIUM | Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse | 0.3%
CVE-2024-56197 | LOW | Users can see other user's tagged PMs in Discourse | 0.3%
CVE-2026-27491 | MEDIUM | Discourse has a bypass of official warnings messages by non-staff users | 0.3%
CVE-2025-24972 | MEDIUM | Discourse may bypass user preference when adding users to chat groups | 0.3%
CVE-2026-27740 | MEDIUM | Discourse has Stored XSS in AI Triage Automation | 0.3%
CVE-2026-45775 | MEDIUM | Discourse: Cross-site backup access via path traversal in multisite local backups | 0.3%