discourse — Vulnerabilities & Security Advisories 234

All 234 CVE vulnerabilities found in discourse, with AI-generated Chinese analysis, references, and POCs.

Vendor: discourse

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-23620 | Discourse restricted tag routes leak topic information | CWE-200 | 5.3 | Medium | 2023-01-27 |
| CVE-2023-22739 | Discourse subject to Allocation of Resources Without Limits or Throttling | CWE-770 | 6.5 | Medium | 2023-01-26 |
| CVE-2023-22468 | Discourse vulnerable to Cross-site Scripting in local oneboxes | CWE-79 | 8.8 | High | 2023-01-26 |
| CVE-2023-22455 | Discourse vulnerable to Cross-site Scripting through tag descriptions | CWE-79 | 6.8 | Medium | 2023-01-05 |
| CVE-2023-22454 | Discourse vulnerable to Cross-site Scripting through pending post titles descriptions | CWE-79 | 8.0 | High | 2023-01-05 |
| CVE-2023-22453 | Discourse vulnerable to exposure of user post counts per topic to unauthorized users | CWE-200 | 5.3 | Medium | 2023-01-05 |
| CVE-2022-46177 | Discourse password reset link can lead to account takeover if user changes to a new email | CWE-613 | 5.7 | Medium | 2023-01-05 |
| CVE-2022-23546 | Discourse vulnerable to private topic leak via email#send_digest | CWE-200 | 5.5 | Medium | 2023-01-05 |
| CVE-2022-46168 | Group SMTP user emails are exposed in CC email header | CWE-359 | 3.5 | Low | 2023-01-05 |
| CVE-2022-23548 | Discourse cross-site scripting vulnerability | CWE-1333 | 6.5 | Medium | 2023-01-05 |
| CVE-2022-23549 | Discourse vulnerable to bypass of post max_length using HTML comments | CWE-20 | 5.7 | Medium | 2023-01-05 |
| CVE-2022-46159 | Any authenticated Discourse user can create an unlisted topic | CWE-770 | 4.3 | Medium | 2022-12-02 |
| CVE-2022-46148 | Discourse allows self-XSS through malicious composer message | CWE-79 | 7.1 | High | 2022-11-29 |
| CVE-2022-46150 | Discourse may allow exposure of hidden tags in the subject of notification emails | CWE-200 | 4.3 | Medium | 2022-11-29 |
| CVE-2022-41921 | Discourse chat messages should have a maximum character limit | CWE-20 | 3.5 | Low | 2022-11-28 |
| CVE-2022-41944 | Discourse users can see notifications for topics they no longer have access to | CWE-200 | 3.5 | Low | 2022-11-28 |
| CVE-2022-39385 | Users erroneously and transparently added to private messages in Discourse | CWE-200 | 6.5 | Medium | 2022-11-14 |
| CVE-2022-39241 | Possible Server-Side Request Forgery (SSRF) in webhooks | CWE-918 | 7.6 | High | 2022-11-02 |
| CVE-2022-39356 | Discourse user account takeover via email and invite link | CWE-285 | 8.9 | High | 2022-11-02 |
| CVE-2022-39378 | Displaying user badges can leak topic titles to users that have no access to the topic | CWE-200 | 5.3 | Medium | 2022-11-02 |
| CVE-2022-39232 | Discourse vulnerable to incomplete quote causing a topic to crash in the browser | CWE-20 | 6.5 | Medium | 2022-09-29 |
| CVE-2022-39226 | Discourse user profile location and website fields were not sufficiently length-limited | CWE-770 | 4.3 | Medium | 2022-09-29 |
| CVE-2022-36068 | Discourse moderators can edit themes via the API | CWE-862 | 7.2 | High | 2022-09-29 |
| CVE-2022-36066 | Discourse vulnerable to RCE via admins uploading maliciously zipped file | CWE-434 | 9.1 | Critical | 2022-09-29 |
| CVE-2022-31184 | Email activation route can be abused by spammers in Discourse | CWE-770 | 6.5 | Medium | 2022-08-01 |
| CVE-2022-31182 | Cache poisoning via maliciously-formed request in Discourse | CWE-404 | 5.3 | Medium | 2022-08-01 |
| CVE-2022-31096 | Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse | CWE-281 | 5.7 | Medium | 2022-06-27 |
| CVE-2022-31060 | Banner topic data is exposed on login-required Discourse sites | CWE-200 | 5.3 | Medium | 2022-06-14 |
| CVE-2022-31025 | Invite bypasses user approval in Discourse | CWE-285 | 2.6 | Low | 2022-06-03 |
| CVE-2022-24850 | Category group permissions leaked in Discourse | CWE-200 | 5.3 | Medium | 2022-04-14 |