Vulnerabilities > Discourse

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-26	CVE-2019-15515	Cross-Site Request Forgery (CSRF) vulnerability in Discourse 2.3.2 Discourse 2.3.2 sends the CSRF token in the query string. network low complexity discourse CWE-352	6.5
2019-07-29	CVE-2019-1020018	Improper Authentication vulnerability in Discourse Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. network low complexity discourse CWE-287	7.3
2019-07-29	CVE-2019-1020017	Unspecified vulnerability in Discourse Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP. network low complexity discourse	5.3

Vulnerabilities > Discourse {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Discourse"}]}