Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Discourse 2.7.8 Security Update

Information

Severity

Severity

Medium

Family

Family

Web application abuses

CVSSv2 Base

CVSSv2 Base

4.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

2 years ago

Modified

Modified

2 years ago

Summary

Discourse is prone to multiple vulnerabilities.

Insight

Insight

The following vulnerabilities exist: - CVE-2021-37633: Rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. - CVE-2021-37693: When adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email address does not invalidate an unused token which can then be used in other contexts, including resetting a password. - CVE-2021-37703: A user's read state for a topic such as the last read post number and the notification level is exposed.

Affected Software

Affected Software

Discourse prior to version 2.7.8.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Update to version 2.7.8 or later.

Common Vulnerabilities and Exposures (CVE)