Discourse Encrypt
By the Year
In 2024 there have been 0 vulnerabilities in Discourse Encrypt . Last year Discourse Encrypt had 1 security vulnerability published. Right now, Discourse Encrypt is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 6.10 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Discourse Encrypt vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Discourse Encrypt Security Vulnerabilities
discourse-encrypt is a plugin that provides a secure communication channel through Discourse
CVE-2023-43657
6.1 - Medium
- September 28, 2023
discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Discourse Encrypt or by Discourse? Click the Watch button to subscribe.
