David Taylor

21 exploits Active since Jul 2019
CVE-2019-1020017 WRITEUP MEDIUM WRITEUP
Discourse <2.3.0, <2.4.0.beta3 - Info Disclosure
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
CVSS 5.3
CVE-2019-1020018 WRITEUP HIGH WRITEUP
Discourse <2.3.0, <2.4.0.beta3 - Info Disclosure
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
CVSS 7.3
CVE-2020-26254 WRITEUP HIGH WRITEUP
omniauth-apple <1.0.1 - Info Disclosure
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (RubyGem omniauth-apple). In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth's Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker's choice including email addresses of other users. Applications not using info.email for identification but are instead using the uid field are not impacted in the same manner. Note, these applications may still be negatively affected if the value of info.email is being used for other purposes. Applications using affected versions of omniauth-apple are advised to upgrade to omniauth-apple version 1.0.1 or later.
CVSS 7.7
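Why the advisory distinguishes applications that key on `info.email` from those that key on `uid`, as an added Ruby example (not omniauth-apple or Discourse code). The user store and the auth hashes are constructed for the example; the hash shape follows OmniAuth's Auth Hash Schema (`provider`, `uid`, `info.email`):

```ruby
# Added example, not the gem's or Discourse's code. Shows an account lookup
# keyed on the attacker-controllable info.email beside one keyed on
# (provider, uid). USERS and the auth hashes are constructed test data.

# Hypothetical in-memory user store; a real app would query its users table.
USERS = [
  { id: 1, email: "victim@example.com",   identities: [["apple", "apple-uid-victim"]] },
  { id: 2, email: "attacker@example.com", identities: [["apple", "apple-uid-attacker"]] },
].freeze

# Builds an OmniAuth-style auth hash. Constructed; with omniauth-apple < 1.0.1
# the email value is whatever the attacker chose to send.
def constructed_auth_hash(uid:, email:)
  { "provider" => "apple", "uid" => uid, "info" => { "email" => email } }
end

# VULNERABLE: identifies the account by the email the provider response
# *claims*. The attacker can claim any address, including a victim's.
def find_user_by_email(auth)
  USERS.find { |u| u[:email] == auth["info"]["email"] }
end

# HARDENED: identifies the account by (provider, uid). The uid is the stable
# subject identifier for the attacker's own Apple ID and cannot be pointed at
# another user's account.
def find_user_by_uid(auth)
  key = [auth["provider"], auth["uid"]]
  USERS.find { |u| u[:identities].include?(key) }
end

# Even with uid as the identity key, a claimed info.email must not silently
# replace a stored, verified address. Returns the address to keep, or nil
# when the claimed one differs and therefore needs verification first.
def email_to_store(user, auth)
  claimed = auth["info"]["email"]
  claimed == user[:email] ? claimed : nil
end

# Attacker signs in with their own Apple ID but claims the victim's email.
def demo
  forged = constructed_auth_hash(uid: "apple-uid-attacker", email: "victim@example.com")
  {
    by_email:     find_user_by_email(forged)[:id],                      # => 1, the victim
    by_uid:       find_user_by_uid(forged)[:id],                        # => 2, the attacker
    stored_email: email_to_store(find_user_by_uid(forged), forged),     # => nil
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The same rule applies to any OmniAuth strategy: treat `uid` as the identity and `info.email` as unverified input unless the provider and strategy guarantee it was verified.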
CVE-2021-41163 WRITEUP CRITICAL WRITEUP
Discourse - Remote Code Execution via Unvalidated subscribe_url
Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. To work around the issue without updating, requests with a path starting with /webhooks/aws could be blocked at an upstream proxy.
CVSS 10.0
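The advisory's workaround is a path-prefix deny rule at the proxy. The added Ruby example below (a hypothetical Rack middleware, not Discourse code) applies the same rule in-process and shows the normalisation any such rule needs: the Rails router decodes percent-encoding and resolves dot segments before matching, so a rule that compares the raw request path would let `/webhooks/%61ws` or `/webhooks/../webhooks/aws` through. Class and method names are the example's own:

```ruby
# Added example, not Discourse code. A Rack-style middleware that refuses any
# request whose normalised path starts with /webhooks/aws, mirroring the
# advisory's proxy workaround. The stub app and paths are constructed.
class BlockAwsWebhooks
  BLOCKED_PREFIX = "/webhooks/aws".freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    if self.class.blocked?(env["PATH_INFO"].to_s)
      return [403, { "Content-Type" => "text/plain" }, ["Forbidden\n"]]
    end
    @app.call(env)
  end

  # Decode percent-encoding once (as the router does; double-encoded input
  # stays encoded and would not reach the route either), drop empty and "."
  # segments, resolve "..", then lower-case. Lower-casing over-matches, which
  # is acceptable for a deny rule.
  def self.normalize(path)
    decoded = path.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
    segments = []
    decoded.split("/").each do |seg|
      case seg
      when "", "." then next
      when ".."    then segments.pop
      else              segments << seg
      end
    end
    ("/" + segments.join("/")).downcase
  end

  # The advisory blocks paths *starting* with the prefix, so /webhooks/aws and
  # anything beneath it are both refused.
  def self.blocked?(path)
    normalize(path).start_with?(BLOCKED_PREFIX)
  end
end

# Stub downstream app so the middleware can be exercised stand-alone.
UPSTREAM_STUB = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok\n"]] }

def status_for(path)
  BlockAwsWebhooks.new(UPSTREAM_STUB).call({ "PATH_INFO" => path }).first
end

if $PROGRAM_NAME == __FILE__
  %w[/webhooks/aws /webhooks/aws/sns /webhooks/%61ws //webhooks//aws /latest].each do |p|
    puts "#{p.ljust(22)} -> #{status_for(p)}"
  end
end
```

A proxy rule should apply the same decoding and slash/dot normalisation before the prefix comparison; nginx's `location` matching, for instance, operates on the decoded and normalised URI, but a rule written against the raw request line does not.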
CVE-2021-43793 WRITEUP MEDIUM WRITEUP
Discourse < 2.7.11 - Improper Privilege Management in Polls Feature
Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse
CVSS 4.3
CVE-2024-37299 WRITEUP MEDIUM WRITEUP
Discourse < 3.2.5 - Denial of Service via Long Tag Group Name
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
CVSS 4.9
CVE-2024-39320 WRITEUP MEDIUM WRITEUP
Discourse < 3.2.5 - Unauthenticated iframe Injection via Allowed Iframes Bypass
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
CVSS 6.1
CVE-2026-27740 WRITEUP MEDIUM WRITEUP
Discourse has Stored XSS in AI Triage Automation
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model (LLM) and renders it using htmlSafe in the Review Queue interface without adequate sanitization. A malicious attacker can use valid Prompt Injection techniques to force the AI to return a malicious payload (e.g., tags). When a Staff member (Admin/Moderator) views the flagged post in the Review Queue, the payload executes. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, temporarily disable AI triage automation scripts.
CVSS 6.1
CVE-2021-41263 WRITEUP HIGH WRITEUP
rails_multisite <4 - Info Disclosure
rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.
CVSS 8.3
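What "re-use cookies on different sites" means in practice, as an added Ruby example (not rails_multisite or Rails code). It signs a simplified cookie of the same shape Rails uses, `base64(value)--HMAC`, first with a single process-wide key shared by every site and then with a key derived from that secret and the site host. The secret and hostnames are constructed; the per-host derivation is illustrative rather than the gem's exact scheme, though the advisory's note that upgrading invalidates all existing cookies is what a site-bound key or salt implies:

```ruby
require "openssl"
require "base64"

# Added example, not rails_multisite's or Rails' code. Constructed secret.
SECRET_KEY_BASE = "constructed-secret-key-base-not-for-real-use".freeze

# Rails-style signed cookie: base64 payload followed by an HMAC over it.
def sign_cookie(value, key)
  payload = Base64.strict_encode64(value)
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA256', key, payload)}"
end

# Returns the cookie's value, or nil when the MAC does not verify under `key`.
def verify_cookie(cookie, key)
  payload, mac = cookie.to_s.split("--", 2)
  return nil if payload.nil? || mac.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", key, payload)
  return nil unless constant_time_equal?(expected, mac)
  Base64.strict_decode64(payload)
rescue ArgumentError
  nil
end

# Constant-time comparison so MAC checking does not leak via timing.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# VULNERABLE: one key for every site in the multisite process. A cookie minted
# on a.example.com carries no site binding, so b.example.com accepts it as-is.
def session_shared_key(cookie, _host)
  verify_cookie(cookie, SECRET_KEY_BASE)
end

# HARDENED: derive the signing key from the secret and the request host, so a
# cookie only verifies on the site it was issued for. Illustrative derivation;
# Rails' own key generator is salt-based, and the same effect can be had by
# making the salt site-specific.
def site_key(host)
  OpenSSL::HMAC.digest("SHA256", SECRET_KEY_BASE, "signed cookie:#{host}")
end

def session_per_site_key(cookie, host)
  verify_cookie(cookie, site_key(host))
end

def demo
  # The same user session cookie issued on site A under each scheme.
  shared = sign_cookie("user_id=42", SECRET_KEY_BASE)
  bound  = sign_cookie("user_id=42", site_key("a.example.com"))
  {
    shared_replayed_on_b: session_shared_key(shared, "b.example.com"),  # => "user_id=42"
    bound_on_a:           session_per_site_key(bound, "a.example.com"), # => "user_id=42"
    bound_replayed_on_b:  session_per_site_key(bound, "b.example.com"), # => nil
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The impact depends on what the cookie carries, as the advisory says: a value such as `user_id=42` that is only meaningful within one site's database becomes a different person's session when replayed against another site in the same process.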
CVE-2021-41271 WRITEUP MEDIUM WRITEUP
Discourse < 2.7.9 - Exposure of Sensitive Information via Error Response Caching
Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
CVSS 4.8
CVE-2021-43794 WRITEUP MEDIUM WRITEUP
Discourse < 2.7.11 - Cache Poisoning Denial of Service for Anonymous Users
Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.
CVSS 5.3
CVE-2022-24824 WRITEUP MEDIUM WRITEUP
Discourse < 2.8.3 - Unauthenticated Cache Poisoning via Crawler View Injection
Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. There are no known workarounds for this issue.
CVSS 5.3
CVE-2022-39355 WRITEUP CRITICAL WRITEUP
Discourse Patreon < 2022-10-26 - Improper Authentication via Patreon Login
Discourse Patreon enables synchronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login. As a workaround, disable the Patreon integration and log out all users with associated Patreon accounts.
CVSS 9.1
CVE-2023-43657 WRITEUP HIGH WRITEUP
discourse-encrypt < 2023-09-28 - Cross-Site Scripting via Encrypted Topic Title
discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured.
CVSS 7.2
CVE-2023-43658 WRITEUP HIGH WRITEUP
discourse_calendar < 2023-10-16 - Cross-Site Scripting in Email Preview UI
discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-site Scripting (XSS) within the 'email preview' UI when a site has CSP disabled. Having CSP disabled is a non-default configuration, so the vast majority of sites are unaffected. This problem is resolved in the latest version of the discourse-calendar plugin. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.
CVSS 8.0
CVE-2023-44384 WRITEUP MEDIUM WRITEUP
discourse_jira < 2023-10-01 - Authenticated Server-Side Request Forgery via Jira URL Configuration
discourse-jira is a Discourse plugin that automatically syncs Jira projects, issue types, fields and field options. An administrator user can perform an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials used by the application, potentially with elevated permissions.
CVSS 4.1
CVE-2024-23834 WRITEUP MEDIUM WRITEUP
Discourse < 3.1.5, < 3.2.0.beta5 - Cross-Site Scripting
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`.
CVSS 6.3