All 7 CVE vulnerabilities found in discourse-calendar, with AI-generated Chinese analysis, references, and POCs.
Vendor: discourse
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-45303 | Discourse Calendar plugin event names susceptible to XSS CWE-79 | 6.1 | Medium | 2024-09-12 |
| CVE-2024-21658 | Insufficient control of region value length in discourse-calendar CWE-400 | 4.3 | Medium | 2024-08-30 |
| CVE-2024-24817 | User can see invitees in events created in PMs and private categories CWE-200 | 4.3 | Medium | 2024-02-22 |
| CVE-2024-26145 | Uninvited user is able to join and mark the attendance of the the private event CWE-863 | 6.5 | Medium | 2024-02-21 |
| CVE-2023-43658 | Improper escaping of user input in discourse-calendar CWE-79 | 8.0 | High | 2023-10-16 |
| CVE-2022-41913 | Discourse-calendar exposes members of hidden groups CWE-200 | 4.3 | Medium | 2022-11-14 |
| CVE-2022-31059 | Discourse Calendar Event names susceptible to Cross-site Scripting CWE-79 | 6.5 | Medium | 2022-06-14 |
All 7 known CVE vulnerabilities affecting discourse-calendar with full Chinese analysis, references, and POCs where available.