CVE-2023-45131 - How Discourse's Unauthenticated MessageBus Opened Chat Messages to Attackers
_Discovered in late 2023, CVE-2023-45131 is a security hole in Discourse’s chat component that could let attackers spy on new chat messages—without even
CVE-2023-43814 - Private Poll Leaks in Discourse—How Attackers Could See Poll Results Meant to Stay Secret
Discourse has become the go-to platform for hosting online forums, Q&As, and community discussions. Its open source flexibility and rich features make it
CVE-2023-44384 - How Discourse-Jira Plugin Exposed Servers to SSRF and Data Leaks
TL;DR
CVE-2023-44384 is a critical security vulnerability in the _discourse-jira_ plugin that could let attackers abuse admin or moderation features to perform SSRF (Server-Side
CVE-2023-30538 - How Discourse’s SVG Upload Bug Could Let Attackers Run JavaScript on Your Community – Exploit & Fixes Explained
Discourse is one of the most popular open-source forum and community platforms today. Used by many large organizations, it’s praised for its modern features
CVE-2022-46148 - Dissecting Discourse’s Self-XSS Vulnerability (With Exploit Details & Patch Guide)
Discourse is a hugely popular open-source platform for creating message boards and forums. But even the best projects get security bumps in the road. In