Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / discourse

discourse

274 tracked vulnerabilities.

CVE-2023-36818 MEDIUM

Discourse - Denial of Service via Custom Sidebar Section Update

CVE-2023-36466 LOW

Discourse < 3.0.5 - Improper Authentication via Topic Title Validation Bypass

CVE-2023-36473 MEDIUM

Discourse < 3.0.5 - Cross-Site Scripting via CSP Nonce Reuse

CVE-2023-34250 MEDIUM

Discourse < 3.0.4 - Unauthorized Sensitive Information Exposure via New Topics Dismissal Endpoint

CVE-2023-32301 LOW

Discourse <3.0.4-3.1.0.beta5 - Info Disclosure

CVE-2023-32061 MEDIUM

Discourse < 3.0.4 - Unauthenticated Comment Hiding via iFrame Tag

CVE-2023-31142 LOW

Discourse <3.0.4-3.1.0.beta5 - Info Disclosure

CVE-2023-30611 MEDIUM

Discourse Reactions - Exposure of Sensitive Information via Private Topic Reaction Data Leak

CVE-2023-30606 MEDIUM

Discourse - Denial of Service via SiteSetting Method Injection

CVE-2023-30538 MEDIUM

Discourse < 3.0.2 and < 3.1.0 - Stored Cross-Site Scripting via SVG File Upload

CVE-2023-29196 MEDIUM

Discourse < 3.0.3 and < 3.1.0 - Stored Cross-Site Scripting via Custom Feature

CVE-2023-28440 LOW

Discourse <3.0.3, <3.1.0.beta4 - DoS

CVE-2023-28112 MEDIUM

Discourse < 3.1.0.beta3 - Server-Side Request Forgery via FastImage URL Handling

CVE-2023-28111 MEDIUM

Discourse < 3.1.0 - Server-Side Request Forgery via IPv4-Mapped IPv6 Address Bypass

CVE-2023-28107 MEDIUM

Discourse < 3.0.2 and < 3.1.0.beta3 - Authenticated Denial of Service via Backup Request Flood

CVE-2023-25172 MEDIUM

Discourse < 3.0.1 and < 3.1.0.beta2 - Cross-Site Scripting via User Full Name Field

CVE-2023-26040 MEDIUM

Discourse 3.1.0.beta2-3.1.0.beta3 - Stored Cross-Site Scripting via Chat Message Editing

CVE-2023-23622 MEDIUM

Discourse < 3.0.1 and 3.1.0.beta2 - Unauthorized Sensitive Information Exposure via Tag Topic Count

CVE-2023-23935 LOW

Discourse <3.0.1-3.1.0.beta2 - Info Disclosure

CVE-2023-25169 LOW

discourse_yearly_review < 0.2 - Exposure of Sensitive Information via Incomplete Anonymization

CVE-2023-25819 MEDIUM

Discourse tests-passed and beta branches >= 3.1.0.beta2 - Exposure of Private Personal Information via Metadata

CVE-2023-25167 MEDIUM

Discourse < 3.0.1 - Regular Expression Denial of Service via Git URL

CVE-2023-23615 MEDIUM

Discourse < 3.0.0 - Unauthenticated Topic Creation via Embeddable Comments

CVE-2023-23624 MEDIUM

Discourse < 3.0.1 - Unauthorized Exposure of Sensitive Information via Exclude Tag Parameter

CVE-2023-23621 HIGH

Discourse < 3.0.1 - Regular Expression Denial of Service via User Agent

Previous Page 8 of 11 Next

Products

discourse 241 calendar 4 discourse-chat 3 discourse_calendar 3 discourse_reactions 2 WP Discourse 1 ai 1 assign 1 discotoc 1 discourse-ai 1 discourse-code-review 1 discourse-encrypt 1 discourse-placeholder-theme-component 1 discourse-policy 1 discourse-reactions 1 discourse_bbcode 1 discourse_footnote 1 discourse_jira 1 discourse_yearly_review 1 group_membership_ip_blocks 1 mermaid 1 message_bus 1 microsoft_authentication 1 patreon 1 rails_multisite 1 reactions 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy