Discourse Exposure

Message boards

Exposure score: 83
Sites using it: 2494
Under exploitation: 0
Critical: 2

CVEs

248 results
CVE | Severity | Title | EPSS
CVE-2024-36113 | MEDIUM | Discourse missing authorization checks for suspending admins/moderators | 0.4%
CVE-2023-43659 | HIGH | Cross-site Scripting via email preview when CSP disabled in Discourse | 0.4%
CVE-2026-33355 | MEDIUM | Discourse filters whisper posts from private-posts feed | 0.4%
CVE-2021-39161 | MEDIUM | Cross-site scripting via category name in Discourse | 0.4%
CVE-2023-44391 | MEDIUM | Prevent unauthorized access to summary details in Discourse | 0.4%
CVE-2023-34250 | MEDIUM | Discourse vulnerable to exposure of number of topics recently created in private categories | 0.4%
CVE-2023-38685 | MEDIUM | Discourse's restricted tag information visible to unauthenticated users | 0.4%
CVE-2026-27454 | MEDIUM | Discourse has check revision visibility on posts endpoint | 0.4%
CVE-2023-30606 | MEDIUM | Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse | 0.4%
CVE-2024-37165 | MEDIUM | Discourse has an XSS via Onebox system | 0.4%
CVE-2024-45051 | HIGH | Bypass of email address validation via encoded email addresses in Discourse | 0.4%
CVE-2024-36122 | LOW | Discourse doesn't limit reviewable user serializer payload | 0.4%
CVE-2023-30538 | MEDIUM | Stored Cross-site Scripting via improper sanitization of svg files in Discourse | 0.4%
CVE-2024-39320 | MEDIUM | Discourse allows iframe injection though default site setting | 0.4%
CVE-2023-32061 | MEDIUM | Discourse Topic Creation Page Allows iFrame Tag without Restrictions | 0.4%
CVE-2024-49765 | MEDIUM | Bypass of Discourse Connect using other login paths if enabled in Discourse | 0.4%
CVE-2023-26040 | MEDIUM | Discourse chat messages susceptible to Cross-site Scripting through chat excerpts | 0.4%
CVE-2025-48877 | HIGH | Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe | 0.3%
CVE-2024-37157 | MEDIUM | Discourse vulnerable to Server-Side Request Forgery via FastImage | 0.3%
CVE-2023-36473 | MEDIUM | CSP nonce reuse vulnerability in Discourse | 0.3%
