Vulnerabilities in discourse
279 results

CVE | Severity | Title | EPSS
CVE-2022-46150 | MEDIUM | Discourse may allow exposure of hidden tags in the subject of notification emails | 0.5%
CVE-2022-46168 | LOW | Group SMTP user emails are exposed in CC email header | 0.5%
CVE-2022-39241 | HIGH | Possible Server-Side Request Forgery (SSRF) in webhooks | 0.5%
CVE-2023-48297 | HIGH | Discourse vulnerable to unlimited mentioned users in message serializer | 0.5%
CVE-2023-40588 | MEDIUM | Discourse DoS via 2FA and Security Key Names | 0.5%
CVE-2023-41043 | MEDIUM | Discourse DoS via SvgSprite cache | 0.5%
CVE-2023-41042 | MEDIUM | Discourse DoS via remote theme assets | 0.5%
CVE-2023-22468 | HIGH | Discourse vulnerable to Cross-site Scripting in local oneboxes | 0.5%
CVE-2022-41921 | LOW | Discourse chat messages should have a maximum character limit | 0.5%
CVE-2023-43658 | HIGH | Improper escaping of user input in discourse-calendar | 0.5%
CVE-2023-23935 | LOW | Presence of restricted personal Discourse messages may be leaked if tagged with a tag | 0.5%
CVE-2022-39385 | MEDIUM | Users erroneously and transparently added to private messages in Discourse | 0.5%
CVE-2023-25819 | MEDIUM | Discourse tags with no visibility are leaking into og:article:tag | 0.5%
CVE-2024-28242 | MEDIUM | Disclosure of the existence of secret categories with custom backgrounds in Discourse | 0.5%
CVE-2023-43657 | HIGH | Improper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration | 0.5%
CVE-2024-23834 | MEDIUM | Discourse improperly sanitized user input leads to XSS | 0.5%
CVE-2022-39378 | MEDIUM | Displaying user badges can leak topic titles to users that have no access to the topic | 0.5%
CVE-2022-31096 | MEDIUM | Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse | 0.5%
CVE-2023-22455 | MEDIUM | Discourse vulnerable to Cross-site Scripting through tag descriptions | 0.5%
CVE-2022-46180 | MEDIUM | Arbitrary HTML injection in discourse-mermaid-theme-component | 0.5%