Known Vulnerabilities for products from Discourse

Listed below are 13 of the newest known vulnerabilities associated with the vendor "Discourse".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-41095 | Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and ea... | 6.1 - MEDIUM | 2021-09-27 | 2021-10-06 |
| CVE-2021-41082 | Discourse is a platform for community discussion. In affected versions any private message that includes a group had its titl... | 7.5 - HIGH | 2021-09-20 | 2021-10-04 |
| CVE-2021-39161 | Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site... | 5.4 - MEDIUM | 2021-08-26 | 2021-08-26 |
| CVE-2021-37703 | Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's r... | 4.3 - MEDIUM | 2021-08-13 | 2021-08-30 |
| CVE-2021-37693 | Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when addin... | 7.5 - HIGH | 2021-08-13 | 2021-08-30 |
| CVE-2021-37633 | Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptibl... | 6.1 - MEDIUM | 2021-08-09 | 2021-08-17 |
| CVE-2021-32788 | Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator ... | 4.3 - MEDIUM | 2021-07-27 | 2021-08-05 |
| CVE-2021-32764 | Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneb... | 5.4 - MEDIUM | 2021-07-15 | 2021-09-13 |
| CVE-2021-3138 | In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. | 7.5 - HIGH | 2021-01-14 | 2021-04-21 |
| CVE-2020-24327 | Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an em... | 5.3 - MEDIUM | 2021-09-23 | 2021-09-29 |
| CVE-2019-1020018 | Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. | 7.3 - HIGH | 2019-07-29 | 2021-07-21 |
| CVE-2019-1020017 | Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP. | 5.3 - MEDIUM | 2019-07-29 | 2020-08-24 |
| CVE-2019-15515 | Discourse 2.3.2 sends the CSRF token in the query string. | 6.5 - MEDIUM | 2019-08-26 | 2019-08-29 |

Known software with vulnerabilities from Discourse

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Discourse | Discourse | 0.8.0 |

© CVE.report 2021

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.