Medium
CVSS: 4.3
Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are ad…
Medium
CVSS: 4.3
Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict de…
Medium
CVSS: 4.3
Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. This has been patched in the…
High
CVSS: 8.2
Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with miss…
Medium
CVSS: 6.5
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CS…
Low
CVSS: 3.1
Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route. This problem has be…
Medium
CVSS: 6.5
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has be…
Low
CVSS: 2.2
Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM…
High
CVSS: 8.2
Discourse is an open source platform for community discussion. In affected versions an attacker can make craft an XHR request to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issu…