
Discourse < 2.8.14 Multiple Vulnerabilities (CVE-2023-22453, CVE-2023-22454, CVE-2022-23548, CVE-2022-23549, CVE-2022-46159, CVE-2022-46168, CVE-2022-46177, CVE-2023-22455)

Severity
CVSSv3 Score
6.1
Vulnerability description

Discourse is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:
- CVE-2023-22453: Exposure of user post counts per topic to unauthorized users
- CVE-2023-22454: XSS through pending post titles descriptions
- CVE-2023-22455: XSS through tag descriptions
- CVE-2022-23548: Regex susceptible to ReDoS
- CVE-2022-23549: Bypass of post max_length using HTML comments
- CVE-2022-46159: Any authenticated user can create an unlisted topic
- CVE-2022-46168: Group SMTP user emails are exposed in the CC email header
- CVE-2022-46177: Password reset link can lead to account takeover if the user changes to a new email

Recommendation

Update to version 2.8.14 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jan 5, 2023
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available