CVE-2021-41140 — Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post · QSearch CVE Watch

Severity and scoring

CVSS: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-200, CWE-668

Affected products

Vendor	Product
discourse	discourse_reactions

Description

Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of discourse-reaction. Users who are unable to update are advised to disable the Discourse-reactions plugin in admin panel.

Source: NVD

References

Related CVEs

Same vendor

CVE-2026-34154 — Discourse is an open-source discussion platform (5.3 MEDIUM)
CVE-2026-33514 — Discourse is an open-source discussion platform (4.3 MEDIUM)
CVE-2026-32244 — Discourse is an open-source discussion platform (5.3 MEDIUM)
CVE-2021-41163 — Discourse is an open source platform for community discussion (10.0 CRITICAL)
CVE-2021-41095 — Discourse is an open source discussion platform (4.2 MEDIUM)

Same CWE

CVE-2026-12117 — Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to ...
CVE-2026-12320 — Information disclosure in the Password Manager component (4.3 MEDIUM)
CVE-2026-12311 — Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
CVE-2026-50870 — An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensi... (7.5 HIGH)
CVE-2026-39007 — An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export ... (7.5 HIGH)