Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / discourse

discourse

274 tracked vulnerabilities.

CVE-2022-21642 MEDIUM

Discourse < 2.7.13 - Unauthorized Exposure of Whisper Participants via User Suggestions

CVE-2021-43850 MEDIUM

Discourse <2.8.0.beta10, <2.7.12 - DoS

CVE-2021-43840 MEDIUM

message_bus <3.3.7 - Path Traversal

CVE-2021-43827 MEDIUM

Discourse Footnote < 0.2 - Improper Handling of Nested Tags

CVE-2021-43794 MEDIUM

Discourse < 2.7.11 - Cache Poisoning Denial of Service for Anonymous Users

CVE-2021-43793 MEDIUM

Discourse < 2.7.11 - Improper Privilege Management in Polls Feature

CVE-2021-43792 MEDIUM

Discourse < 2.7.11 - Unauthorized Exposure of Sensitive Tag Notifications

CVE-2021-41271 MEDIUM

Discourse < 2.7.9 - Exposure of Sensitive Information via Error Response Caching

CVE-2021-41263 HIGH

rails_multisite <4 - Info Disclosure

CVE-2021-41163 CRITICAL

Discourse - Remote Code Execution via Unvalidated subscribe_url

CVE-2021-41140 MEDIUM

Discourse-reactions <0.2 - Info Disclosure

CVE-2021-41095 MEDIUM

Discourse < 2.7.7 - Cross-Site Scripting via Error Message Rendering

CVE-2021-41082 HIGH

Discourse < 2021-09-14 - Exposure of Sensitive Information via Private Message Group Handling

CVE-2021-39161 MEDIUM

Discourse < 2.7.8 - Stored Cross-Site Scripting via Category Name

CVE-2021-37703 MEDIUM

Discourse < 2.7.8 - Unauthorized Exposure of User Read State

CVE-2021-37693 MEDIUM

Discourse < 2.7.8 - Insufficient Session Expiration via Email Verification Token

CVE-2021-37633 HIGH

Discourse < 2.7.8 - Cross-Site Scripting via d-popover Tooltip Rendering

CVE-2021-32788 MEDIUM

Discourse < 2.7.7 - Unauthorized Post Creator Exposure via Whisper Post Handling

CVE-2021-32764 HIGH

Discourse < 2.7.5 - Cross-Site Scripting via YouTube Onebox Parsing

CVE-2021-3138 HIGH

Discourse 2.7.0-beta1 - Two-Factor Authentication Bypass via Rate-Limit Bypass

CVE-2020-24327 MEDIUM

Discourse 2.3.2 and 2.6 - Server-Side Request Forgery via Email Image Upload

CVE-2019-15515 MEDIUM

Discourse 2.3.2 - Cross-Site Request Forgery via Query String Token

CVE-2019-1020018 HIGH

Discourse <2.3.0, <2.4.0.beta3 - Info Disclosure

CVE-2019-1020017 MEDIUM

Discourse <2.3.0, <2.4.0.beta3 - Info Disclosure

Previous Page 11 of 11

Products

discourse 241 calendar 4 discourse-chat 3 discourse_calendar 3 discourse_reactions 2 WP Discourse 1 ai 1 assign 1 discotoc 1 discourse-ai 1 discourse-code-review 1 discourse-encrypt 1 discourse-placeholder-theme-component 1 discourse-policy 1 discourse-reactions 1 discourse_bbcode 1 discourse_footnote 1 discourse_jira 1 discourse_yearly_review 1 group_membership_ip_blocks 1 mermaid 1 message_bus 1 microsoft_authentication 1 patreon 1 rails_multisite 1 reactions 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy