Known Vulnerabilities for products from Discourse
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Discourse".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-41095 | Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and ea... | 6.1 - MEDIUM | 2021-09-27 | 2021-10-06 |
| CVE-2021-41082 | Discourse is a platform for community discussion. In affected versions any private message that includes a group had its titl... | 7.5 - HIGH | 2021-09-20 | 2021-10-04 |
| CVE-2021-39161 | Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site... | 5.4 - MEDIUM | 2021-08-26 | 2021-08-26 |
| CVE-2021-37703 | Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's r... | 4.3 - MEDIUM | 2021-08-13 | 2021-08-30 |
| CVE-2021-37693 | Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when addin... | 7.5 - HIGH | 2021-08-13 | 2021-08-30 |
| CVE-2021-37633 | Discourse is an open source discussion platform. In versions prior to 2.7.8 rendering of d-popover tooltips can be susceptibl... | 6.1 - MEDIUM | 2021-08-09 | 2021-08-17 |
| CVE-2021-32788 | Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator ... | 4.3 - MEDIUM | 2021-07-27 | 2021-08-05 |
| CVE-2021-32764 | Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneb... | 5.4 - MEDIUM | 2021-07-15 | 2021-09-13 |
| CVE-2021-3138 | In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms. | 7.5 - HIGH | 2021-01-14 | 2021-04-21 |
| CVE-2020-24327 | Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an em... | 5.3 - MEDIUM | 2021-09-23 | 2021-09-29 |
| CVE-2019-1020018 | Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. | 7.3 - HIGH | 2019-07-29 | 2021-07-21 |
| CVE-2019-1020017 | Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP. | 5.3 - MEDIUM | 2019-07-29 | 2020-08-24 |
| CVE-2019-15515 | Discourse 2.3.2 sends the CSRF token in the query string. | 6.5 - MEDIUM | 2019-08-26 | 2019-08-29 |
Known software with vulnerabilities from Discourse