Discourse is an open source community discussion platform that includes community, email, and chat room features. The platform includes community, email, and chat room features. discourse-chat versions prior to 0.9 have a cross-site scripting vulnerability, which stems from the fact that some parts of the chat channel’s name and description are presented in an insecure manner, and the name and description lack effective filtering and escaping of user-supplied data, which can be exploited by attackers to cause cross-site scripting attacks.
CPE | Name | Operator | Version |
---|---|---|---|
discourse discourse-chat | lt | 0.9 |