
Discourse <= 3.1.1, 3.2.0.beta1 Multiple Vulnerabilities (CVE-2023-43659, CVE-2023-43814, CVE-2023-44388, CVE-2023-44391, CVE-2023-45147)

Severity
CVSSv3 Score
3.1
Vulnerability description

Discourse is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:

- CVE-2023-43659: XSS via email preview when CSP disabled
- CVE-2023-43814: Exposure of poll options and votes to unauthorized users
- CVE-2023-44388: Malicious requests can fill up the log files resulting in a DoS on the server
- CVE-2023-44391: Prevent unauthorized access to summary details
- CVE-2023-45147: Arbitrary keys can be added to a topic's custom fields by any user

Recommendation

Update to version 3.1.2, 3.2.0.beta2 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Oct 16, 2023
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available