discourse
274 tracked vulnerabilities.
CVE-2022-39355
CRITICAL
Discourse Patreon < 2022-10-26 - Improper Authentication via Patreon Login
Oct 26, 2022
CVSS 9.1
EPSS 0.00
CVE-2022-39279
MEDIUM
discourse-chat < 0.9 - Authenticated Stored Cross-Site Scripting via Channel Name and Description
Oct 06, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-39270
MEDIUM
discourse/discotoc < 2.1.0 - Authenticated Stored Cross-Site Scripting via Topic Creation
Oct 06, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-39232
MEDIUM
Discourse 2.9.0.beta5-2.9.0.beta10 - Denial of Service via Incomplete Quote Handling
Sep 29, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-39226
MEDIUM
Discourse < 2.8.9 - Denial of Service via Large Payload in User Profile Fields
Sep 29, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-36068
HIGH
Discourse <2.8.9-2.9.0.beta10 - Privilege Escalation
Sep 29, 2022
CVSS 7.2
EPSS 0.00
CVE-2022-36066
CRITICAL
Discourse <2.8.9-2.9.0.beta10 - RCE
Sep 29, 2022
CVSS 9.1
EPSS 0.03
CVE-2022-36057
MEDIUM
discourse-chat < 0.9 - Cross-Site Scripting via Chat Title and Description
Sep 06, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-37458
HIGH
Discourse < 2.8.7 - Unauthenticated Unlimited Invitation Spam
Sep 02, 2022
CVSS 7.2
EPSS 0.01
CVE-2022-31184
MEDIUM
Discourse < 2.8.6 - Unauthenticated Mass Spam Email via Email Activation Route
Aug 01, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-31182
MEDIUM
Discourse < 2.8.7 - Denial of Service via Malicious Static Asset Request
Aug 01, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-31096
MEDIUM
Discourse < 2.8.4 - Authenticated Permission Bypass via Invite Email Validation
Jun 27, 2022
CVSS 5.7
EPSS 0.00
CVE-2022-31095
MEDIUM
Discourse-chat <0.4 - Info Disclosure
Jun 21, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-31060
MEDIUM
Discourse <2.8.4-2.9.0.beta5 - Info Disclosure
Jun 14, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-31059
MEDIUM
discourse_calendar < 1.0.1 - Cross-Site Scripting in Event Name Rendering
Jun 14, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-31025
LOW
Discourse <2.8.4-2.9.0.beta5 - Auth Bypass
Jun 07, 2022
CVSS 2.6
EPSS 0.00
CVE-2022-24866
MEDIUM
Discourse Assign < 1.0.1 - Exposure of Sensitive Information via UserBookmarkSerializer
Apr 26, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-24850
MEDIUM
Discourse - Unauthorized Exposure of Category Group Permissions
Apr 14, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-24824
MEDIUM
Discourse < 2.8.3 - Unauthenticated Cache Poisoning via Crawler View Injection
Apr 14, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-24804
MEDIUM
Discourse < 2.8.3 - Unauthorized Group Name Exposure via Category Permissions
Apr 11, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-24782
MEDIUM
Discourse < 2.8.2 - Unauthorized Exposure of Secure Category Names in User Activity Export
Mar 24, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-23641
MEDIUM
Discourse < 2.8.1 - Denial of Service via Streaming URL Onebox Parsing
Feb 15, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-21677
MEDIUM
Discourse < 2.7.13 - Unauthorized Exposure of Sensitive Group Information via Advanced Search
Jan 14, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-21684
MEDIUM
Discourse < 2.7.13 - Improper Authentication via Invite Redemption Bypass
Jan 13, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-21678
MEDIUM
Discourse < 2.7.13 - Unauthorized Exposure of Private User Bios in Meta Tags
Jan 13, 2022
CVSS 4.3
EPSS 0.00
Products
discourse 241
calendar 4
discourse-chat 3
discourse_calendar 3
discourse_reactions 2
WP Discourse 1
ai 1
assign 1
discotoc 1
discourse-ai 1
discourse-code-review 1
discourse-encrypt 1
discourse-placeholder-theme-component 1
discourse-policy 1
discourse-reactions 1
discourse_bbcode 1
discourse_footnote 1
discourse_jira 1
discourse_yearly_review 1
group_membership_ip_blocks 1
mermaid 1
message_bus 1
microsoft_authentication 1
patreon 1
rails_multisite 1
reactions 1