Vulnerabilities > Discourse

DATE CVE VULNERABILITY TITLE RISK
2021-08-09 CVE-2021-37633 Cross-site Scripting vulnerability in Discourse
Discourse is an open source discussion platform.
network
discourse CWE-79
4.3
4.3
2021-07-27 CVE-2021-32788 Exposure of Resource to Wrong Sphere vulnerability in Discourse
Discourse is an open source discussion platform.
network
low complexity
discourse CWE-668
4.0
4.0
2021-07-15 CVE-2021-32764 Cross-site Scripting vulnerability in Discourse
Discourse is an open-source discussion platform.
network
discourse CWE-79
3.5
3.5
2021-01-14 CVE-2021-3138 Improper Restriction of Excessive Authentication Attempts vulnerability in Discourse
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
network
low complexity
discourse CWE-307
5.0
5.0
2019-08-26 CVE-2019-15515 Cross-Site Request Forgery (CSRF) vulnerability in Discourse 2.3.2
Discourse 2.3.2 sends the CSRF token in the query string.
network
discourse CWE-352
4.3
4.3
2019-07-29 CVE-2019-1020018 Improper Authentication vulnerability in Discourse
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
network
low complexity
discourse CWE-287
7.5
7.5
2019-07-29 CVE-2019-1020017 Unspecified vulnerability in Discourse
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
network
low complexity
discourse
5.3
5.3