Discourse · Discourse · CVE-2022-39356
**Name of the Vulnerable Software and Affected Versions**
Discourse (affected versions not specified)
**Description**
Discourse is a platform for community discussion. Users who receive an invitation link that is not scoped to a single email address can enter any non-admin user's email and gain access to their account when accepting the invitation.
**Recommendations**
Upgrade to the latest version.
As a temporary workaround, consider disabling invitations with `SiteSetting.max_invites_per_day = 0` or scoping them to individual email addresses.