26 matches found
CVE-2022-36057 Discourse-Chat Cross-Site Scripting issue for channel names and descriptions
Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting XSS attack. Version 0.9 contains a patch for this issue...
PT-2022-23148 · Discourse · Discourse-Chat
Name of the Vulnerable Software and Affected Versions: Discourse-Chat versions prior to 0.9 Description: The issue affects users of Discourse Chat, an asynchronous messaging plugin for the Discourse open-source discussion platform. Admin users can insert HTML into chat titles and descriptions,...
Discourse-Chat 安全漏洞
Discourse-Chat is a free open source chat plugin for Discourse open source internet forum software. A security vulnerability exists in versions of Discourse-Chat prior to 0.9, which originated from a cross-site scripting XSS attack by an administrator user inserting HTML in the chat title and...
CVE-2022-31095
discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily...
CVE-2022-31095 Exposure of Sensitive Information in discourse-chat
discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily...
Discourse 信息泄露漏洞
Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. An information disclosure vulnerability exists in the Discourse plugin discourse-chat prior to version 0.4. An attacker could exploit this vulnerability to obtain...