Lucene search
K

26 matches found

cvelist
cvelist
added 2022/09/06 7:30 p.m.28 views

CVE-2022-36057 Discourse-Chat Cross-Site Scripting issue for channel names and descriptions

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting XSS attack. Version 0.9 contains a patch for this issue...

5.4CVSS5.5AI score0.004EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2022/09/06 12:0 a.m.6 views

PT-2022-23148 · Discourse · Discourse-Chat

Name of the Vulnerable Software and Affected Versions: Discourse-Chat versions prior to 0.9 Description: The issue affects users of Discourse Chat, an asynchronous messaging plugin for the Discourse open-source discussion platform. Admin users can insert HTML into chat titles and descriptions,...

5.4CVSS4.9AI score0.004EPSS
Exploits0References4
cnnvd
cnnvd
added 2022/09/06 12:0 a.m.9 views

Discourse-Chat 安全漏洞

Discourse-Chat is a free open source chat plugin for Discourse open source internet forum software. A security vulnerability exists in versions of Discourse-Chat prior to 0.9, which originated from a cross-site scripting XSS attack by an administrator user inserting HTML in the chat title and...

5.4CVSS4.9AI score0.004EPSS
Exploits0References3
nvd
nvd
added 2022/06/21 7:15 p.m.23 views

CVE-2022-31095

discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily...

6.5CVSS0.00542EPSS
Exploits0References1
osv
osv
added 2022/06/21 7:0 p.m.8 views

CVE-2022-31095 Exposure of Sensitive Information in discourse-chat

discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily...

4.3CVSS6.8AI score0.00542EPSS
Exploits0References3
cnnvd
cnnvd
added 2022/06/21 12:0 a.m.7 views

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. An information disclosure vulnerability exists in the Discourse plugin discourse-chat prior to version 0.4. An attacker could exploit this vulnerability to obtain...

6.5CVSS6.5AI score0.00542EPSS
Exploits0References3
Rows per page
Query Builder