
cpe:2.3:a:discourse:discourse:3.2.0:beta4:*:*:beta:*:*:*

part: a version: 3.2.0 update: beta4

Vendor: Discourse (2d3c125b-857a-5933-b846-ed7f9d5e0225)
Product: Discourse (4347364d-ae10-5ab6-a9ec-6e7dcaf78dd8)
Edition: *
Language: *
Software edition: beta
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:github/discourse/discourse | purl2cpe | 2026-06-01 10:13:03.596510
pkg:rpm/opensuse/discourse | purl2cpe | 2026-06-01 10:13:03.596512

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-32376 | vulnerable | 2026-06-03 15:00:40.695810 | Discourse DM limits aren’t always properly enforced
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3.
Published: 2025-04-30T14:55:21.473Z
Updated: 2025-04-30T15:08:52.268Z
Imported from gcve-enriched-dumps CVE data

CVE:CVE-2024-24748 | vulnerable | 2026-06-03 14:55:05.654642 | Disclosure of the existence of secret subcategories in Discourse
Severity: MEDIUM (5.3)
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-03-15T19:15:17.121Z
Updated: 2024-08-27T19:43:50.659Z
Imported from gcve-enriched-dumps CVE data

CVE:CVE-2024-23834 | vulnerable | 2026-06-03 14:55:04.752665 | Discourse improperly sanitized user input leads to XSS
Severity: MEDIUM (6.3)
Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`.
Published: 2024-01-30T21:31:35.617Z
Updated: 2024-10-17T17:59:10.354Z
Imported from gcve-enriched-dumps CVE data
