Vulnerabilities in discourse
279 results

CVE-2022-24782 | MEDIUM | Secure category names leaked via user activity export in Discourse | EPSS 0.9%
CVE-2022-21678 | MEDIUM | User's bio visible even if profile is restricted in Discourse | EPSS 0.9%
CVE-2021-41140 | MEDIUM | Reactions leak for secure category topics and private messages | EPSS 0.9%
CVE-2022-31025 | LOW | Invite bypasses user approval in Discourse | EPSS 0.9%
CVE-2021-32788 | MEDIUM | Post creator of a whisper post can be revealed to non-staff users in Discourse | EPSS 0.9%
CVE-2023-22739 | MEDIUM | Discourse subject to Allocation of Resources Without Limits or Throttling | EPSS 0.9%
CVE-2023-23621 | HIGH | Discourse vulnerable to ReDoS in user agent parsing | EPSS 0.9%
CVE-2021-37703 | MEDIUM | Information exposure in Discourse | EPSS 0.8%
CVE-2021-37693 | MEDIUM | Re-use of email tokens in Discourse | EPSS 0.8%
CVE-2021-43792 | MEDIUM | Notifications leak in Discourse | EPSS 0.8%
CVE-2021-43850 | MEDIUM | Denial of Service in discourse | EPSS 0.8%
CVE-2022-24804 | MEDIUM | Private group name exposure in discourse | EPSS 0.8%
CVE-2021-43827 | MEDIUM | Inline footnotes wrapped in <a> tags can cause errors in discourse-footnotes | EPSS 0.8%
CVE-2023-46241 | CRITICAL | Potential account take over due to unverified emails from Microsoft Identity Platform | EPSS 0.8%
CVE-2022-39226 | MEDIUM | Discourse user profile location and website fields were not sufficiently length-limited | EPSS 0.8%
CVE-2022-39355 | CRITICAL | Discourse Patreon vulnerable to improper validation of email during Patreon authentication | EPSS 0.8%
CVE-2021-37633 | HIGH | XSS via d-popover and d-html-popover attribute | EPSS 0.8%
CVE-2021-43793 | MEDIUM | Bypass of Poll voting limits in Discourse | EPSS 0.8%
CVE-2022-23548 | MEDIUM | Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and | EPSS 0.7%
CVE-2022-21642 | MEDIUM | Exposure of whisper participants in discourse | EPSS 0.7%