Vulnerabilities > Discourse

DATE CVE VULNERABILITY TITLE RISK
2021-09-27 CVE-2021-41095 Cross-site Scripting vulnerability in Discourse
Discourse is an open source discussion platform.
network
low complexity
discourse CWE-79
6.1
6.1
2021-09-23 CVE-2020-24327 Server-Side Request Forgery (SSRF) vulnerability in Discourse 2.3.2/2.6.0
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function.
network
low complexity
discourse CWE-918
5.3
5.3
2021-09-20 CVE-2021-41082 Incorrect Authorization vulnerability in Discourse
Discourse is a platform for community discussion.
network
low complexity
discourse CWE-863
7.5
7.5
2021-08-26 CVE-2021-39161 Cross-site Scripting vulnerability in Discourse
Discourse is an open source platform for community discussion.
network
low complexity
discourse CWE-79
5.4
5.4
2021-08-13 CVE-2021-37693 Unspecified vulnerability in Discourse
Discourse is an open-source platform for community discussion.
network
low complexity
discourse
7.5
7.5
2021-08-13 CVE-2021-37703 Unspecified vulnerability in Discourse
Discourse is an open-source platform for community discussion.
network
low complexity
discourse
4.3
4.3
2021-08-09 CVE-2021-37633 Cross-site Scripting vulnerability in Discourse
Discourse is an open source discussion platform.
network
low complexity
discourse CWE-79
6.1
6.1
2021-07-27 CVE-2021-32788 Exposure of Resource to Wrong Sphere vulnerability in Discourse
Discourse is an open source discussion platform.
network
low complexity
discourse CWE-668
4.3
4.3
2021-07-15 CVE-2021-32764 Cross-site Scripting vulnerability in Discourse
Discourse is an open-source discussion platform.
network
low complexity
discourse CWE-79
5.4
5.4
2021-01-14 CVE-2021-3138 Improper Restriction of Excessive Authentication Attempts vulnerability in Discourse
In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for certain forms.
network
low complexity
discourse CWE-307
7.5
7.5