Discourse Exposure
Message boards
Exposure score: 83
Sites using it: 2494
In exploitation: 0
Critical: 2
CVEs
248 results

CVE | Severity | Title | EPSS
CVE-2026-27570 | MEDIUM | Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox | 0.3%
CVE-2023-36466 | LOW | Topic Title Validation Skipped When Changing Category in Discourse | 0.3%
CVE-2025-22601 | LOW | Client Side Path Traversal using activate account route in Discourse | 0.3%
CVE-2025-46813 | MEDIUM | Private data leak on login-required Discourse sites | 0.3%
CVE-2024-56328 | MEDIUM | HTMLi(XSS without CSP) via Onebox urls in Discourse | 0.3%
CVE-2025-22602 | MEDIUM | Stored DOM-based XSS (without CSP) via video placeholders in Discourse | 0.3%
CVE-2024-35234 | MEDIUM | Discourse vulnerable to stored-dom XSS via Facebook Oneboxes | 0.3%
CVE-2026-28282 | LOW | Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin | 0.3%
CVE-2024-47772 | MEDIUM | Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse | 0.3%
CVE-2024-56197 | LOW | Users can see other user's tagged PMs in Discourse | 0.3%
CVE-2026-27491 | MEDIUM | Discourse has a bypass of official warnings messages by non-staff users | 0.3%
CVE-2025-24972 | MEDIUM | Discourse may bypass user preference when adding users to chat groups | 0.3%
CVE-2026-27740 | MEDIUM | Discourse has Stored XSS in AI Triage Automation | 0.3%
CVE-2026-45775 | MEDIUM | Discourse: Cross-site backup access via path traversal in multisite local backups | 0.3%
CVE-2023-49099 | LOW | Discourse secure uploads accessible to guests even when login is required | 0.3%
CVE-2023-31142 | LOW | Discourse's general category permissions could be set back to default | 0.3%
CVE-2024-45297 | MEDIUM | Prevent topic list filtering by hidden tags for unauthorized users in Discourse | 0.3%
CVE-2023-37467 | MEDIUM | Discourse CSP nonce reuse vulnerability for anonymous users | 0.3%
CVE-2025-48053 | HIGH | Discourse vulnerable to DoS via large URL payload in PM to a bot | 0.3%
CVE-2023-43814 | LOW | Exposure of poll options and votes to unauthorized users in Discourse | 0.3%