Search results for keyword [Discourse]: 15 records

| Disclosed | Bounty | Author | Title | Vendor | Vulnerability type |
|---|---|---|---|---|---|
| 2018-08-08 | $256.0 | fransrosen | CSRF-tokens on pages without no-cache headers, resulting in ATO when using CloudFlare proxy (Web Cache Deception) | Discourse | Cross-Site Request Forgery (CSRF) |
| 2018-07-09 | $256.0 | luigigubello | Stored XSS in "post last edited" option | Discourse | Cross-site Scripting (XSS) - Stored |
| 2018-03-17 | $256.0 | mishre | Gaining access to private topics using quoting feature | Discourse | Improper Access Control - Generic |
| 2017-11-06 | $1024.0 | mishre | Any user with invite capabilities can take-over any account on Discourse | Discourse | none |
| 2017-06-18 | $64.0 | imnotengineer | SSRF in upload IMG through URL | Discourse | Information Disclosure |
| 2017-06-17 | $256.0 | arkadiyt | Any authenticated user can download full list of users, including email | Discourse | Privacy Violation |
| 2017-05-13 | $512.0 | ziot | Arbitrary Local-File Read from Admin - Restore From Backup due to Symlinks | Discourse | Information Disclosure |
| 2017-05-13 | $512.0 | ziot | Admin Command Injection via username in user_archive ExportCsvFile | Discourse | Command Injection - Generic |
| 2017-01-20 | $256.0 | skavans | Stored XSS in topics because of whitelisted_generic engine vulnerability | Discourse | Cross-site Scripting (XSS) - Generic |
| 2017-01-20 | $256.0 | skavans | XSS in topics because of bandcamp preview engine vulnerability | Discourse | Cross-site Scripting (XSS) - Generic |
| 2017-01-20 | $256.0 | skavans | Stored XSS in posts because of absence of oembed variables values escaping | Discourse | Cross-site Scripting (XSS) - Generic |
| 2017-01-10 | $128.0 | strukt | Users can bookmark other user's messages | Discourse | Privilege Escalation |
| 2017-01-10 | $256.0 | alberto__segura | XSS Vulnerability on Image link parser | Discourse | Cross-site Scripting (XSS) - Generic |
| 2017-01-10 | $256.0 | alberto__segura | XSS vulnerability on Audio and Video parsers | Discourse | Cross-site Scripting (XSS) - Generic |
| 2017-01-10 | $256.0 | babayaga_ | DOM Based XSS in Discourse Search | Discourse | Cross-site Scripting (XSS) - Generic |