Known Vulnerabilities for Discourse by Discourse

Listed below are 10 of the newest known vulnerabilities associated with the software "Discourse" by "Discourse".

These CVEs are retrieved based on exact matches on listed software and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed, based on information from known CPEs.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
| --- | --- | --- | --- | --- |
| CVE-2021-41095 | Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and ea... | 4.2 - MEDIUM | 2021-09-27 | 2021-09-27 |
| CVE-2021-41082 | Discourse is a platform for community discussion. In affected versions any private message that includes a group had its titl... | 7.5 - HIGH | 2021-09-20 | 2021-09-20 |
| CVE-2021-39161 | Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site... | 4.4 - MEDIUM | 2021-08-26 | 2021-08-26 |
| CVE-2021-37703 | Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's r... | 4.3 - MEDIUM | 2021-08-13 | 2021-08-13 |
| CVE-2021-37693 | Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when addin... | 5.3 - MEDIUM | 2021-08-13 | 2021-08-13 |
| CVE-2021-37633 | Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptibl... | 7.4 - HIGH | 2021-08-09 | 2021-08-09 |
| CVE-2021-32788 | Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator ... | 4.3 - MEDIUM | 2021-07-27 | 2021-07-30 |
| CVE-2021-32764 | Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneb... | 5.4 - MEDIUM | 2021-07-15 | 2021-09-13 |
| CVE-2021-3138 | In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. | 7.5 - HIGH | 2021-01-14 | 2021-04-21 |
| CVE-2020-24327 | Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an em... | 7.5 - HIGH | 2021-09-23 | 2021-09-23 |

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language


Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.