Vulnerabilities in discourse
279 results

CVE-2023-23624 | MEDIUM | Discourse's exclude_tags param could leak which topics had a specific hidden tag | EPSS 0.6%
CVE-2023-36818 | MEDIUM | Denial of service via User Custom Sidebar Section Unlimited Link Creation in discourse | EPSS 0.6%
CVE-2023-28112 | MEDIUM | Discourse's SSRF protection missing for some FastImage requests | EPSS 0.6%
CVE-2023-22453 | MEDIUM | Discourse vulnerable to exposure of user post counts per topic to unauthorized users | EPSS 0.6%
CVE-2023-38498 | MEDIUM | Discourse vulnerable to DoS via defer queue | EPSS 0.6%
CVE-2022-23549 | MEDIUM | Discourse vulnerable to bypass of post max_length using HTML comments | EPSS 0.6%
CVE-2023-22454 | HIGH | Discourse vulnerable to Cross-site Scripting through pending post titles descriptions | EPSS 0.6%
CVE-2024-27085 | MEDIUM | Denial of service through invites in Discourse | EPSS 0.6%
CVE-2023-25167 | MEDIUM | Regular expression denial of service via installing themes via git in discourse | EPSS 0.6%
CVE-2024-21655 | MEDIUM | Insufficient control of custom field value sizes | EPSS 0.6%
CVE-2021-41095 | MEDIUM | XSS via blocked watched word in error message | EPSS 0.6%
CVE-2022-31184 | MEDIUM | Email activation route can be abused by spammers in Discourse | EPSS 0.6%
CVE-2022-39356 | HIGH | Discourse user account takeover via email and invite link | EPSS 0.6%
CVE-2024-27100 | MEDIUM | Denial of service via Staff Actions in Discourse | EPSS 0.6%
CVE-2023-28111 | MEDIUM | Discourse vulnerable to SSRF protection bypass possible with IPv4-mapped IPv6 addresses | EPSS 0.6%
CVE-2021-32764 | HIGH | YouTube Onebox susceptible to XSS | EPSS 0.5%
CVE-2023-23622 | MEDIUM | Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users | EPSS 0.5%
CVE-2023-44388 | HIGH | Malicious requests can fill up the log files resulting in a denial of service in Discourse | EPSS 0.5%
CVE-2023-38684 | MEDIUM | Discourse vulnerable to possible DDoS due to unbounded limits in various controller actions | EPSS 0.5%
CVE-2022-31095 | MEDIUM | Exposure of Sensitive Information in discourse-chat | EPSS 0.5%