Vulnerabilities > Discourse > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-13 CVE-2021-37703 Unspecified vulnerability in Discourse
Discourse is an open-source platform for community discussion.
network
low complexity
discourse
4.3
2021-08-09 CVE-2021-37633 Cross-site Scripting vulnerability in Discourse
Discourse is an open source discussion platform.
network
low complexity
discourse CWE-79
6.1
2021-07-27 CVE-2021-32788 Exposure of Resource to Wrong Sphere vulnerability in Discourse
Discourse is an open source discussion platform.
network
low complexity
discourse CWE-668
4.3
2021-07-15 CVE-2021-32764 Cross-site Scripting vulnerability in Discourse
Discourse is an open-source discussion platform.
network
low complexity
discourse CWE-79
5.4
2019-08-26 CVE-2019-15515 Cross-Site Request Forgery (CSRF) vulnerability in Discourse 2.3.2
Discourse 2.3.2 sends the CSRF token in the query string.
network
low complexity
discourse CWE-352
6.5
2019-07-29 CVE-2019-1020017 Unspecified vulnerability in Discourse
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.
network
low complexity
discourse
5.3