Filtered by vendor Discourse
Subscriptions
Total
183 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1020017 | 1 Discourse | 1 Discourse | 2024-11-21 | 5.3 Medium |
| Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP. | ||||
| CVE-2024-45303 | 1 Discourse | 1 Calendar | 2024-09-18 | 6.1 Medium |
| Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. The issue is patched in version 0.5 of the Discourse Calendar plugin. | ||||
| CVE-2024-21658 | 1 Discourse | 1 Discourse Calendar | 2024-09-05 | 4.3 Medium |
| discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious actor to cause a Discourse instance to use excessive bandwidth and disk space. This issue has been patched in main the main branch. There are no workarounds for this vulnerability. Please upgrade as soon as possible. | ||||