Filtered by vendor Discourse Subscriptions
Filtered by product Discourse Subscriptions
Total 264 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-24327 1 Discourse 1 Discourse 2024-11-21 5.3 Medium
Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
CVE-2019-15515 1 Discourse 1 Discourse 2024-11-21 N/A
Discourse 2.3.2 sends the CSRF token in the query string.
CVE-2019-1020018 1 Discourse 1 Discourse 2024-11-21 7.3 High
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.
CVE-2019-1020017 1 Discourse 1 Discourse 2024-11-21 5.3 Medium
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP.