25 matches found

Vulnrichment
added 2026/06/12 8:25 p.m. · 7 views

CVE-2026-45085 Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin, one also involving discourse-calendar: read-only category users...

5.3 CVSS · 5.2 AI score · 0.00204 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/06/12 12:00 a.m. · 11 views

PT-2026-48983

Name of the Vulnerable Software and Affected Versions: Discourse versions 2026.1.0 through 2026.1.3; Discourse versions 2026.3.0; Discourse versions 2026.4.0. Description: Chat events for public category channels are published to the MessageBus without permission scoping. This allows any MessageBus...

7.5 CVSS · 5.3 AI score · 0.00259 EPSS
Exploits 0 · References 6
ATTACKERKB
added 2026/03/19 9:57 p.m. · 4 views

CVE-2026-33410

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct message channel or adding users to an existing one, the targetgroups parameter was passed direct...

5.4 CVSS · 5.8 AI score · 0.00156 EPSS
Exploits 0 · References 2 · Affected Software 1
EUVD
added 2025/10/03 8:07 p.m. · 7 views

EUVD-2022-38824

Malicious code in bioql PyPI...

5.4 CVSS · 5.4 AI score · 0.00386 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/22 11:10 p.m. · 8 views

CVE-2022-36057

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...

5.4 CVSS · 5.9 AI score · 0.00386 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/10/07 8:50 p.m. · 11 views

CVE-2024-47772 Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse

Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of...

6.5 CVSS · 7.6 AI score · 0.00331 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/03/17 2:45 p.m. · 6 views

CVE-2023-26040 Discourse chat messages susceptible to Cross-site Scripting through chat excerpts

Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the tests-passed branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the...

6.5 CVSS · 6.2 AI score · 0.0035 EPSS
Exploits 0 · References 2
NVD
added 2022/10/06 8:15 p.m. · 17 views

CVE-2022-39279

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them...

5.4 CVSS · 0.00369 EPSS
Exploits 0 · References 2
Prion
added 2022/10/06 8:15 p.m. · 26 views

Cross site scripting

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them...

4.9 CVSS · 5.2 AI score · 0.00369 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2022/10/06 12:00 a.m. · 6 views

PT-2022-24865 · Discourse · Discourse-Chat

Name of the Vulnerable Software and Affected Versions: discourse-chat versions prior to 0.9 Description: The discourse-chat plugin for the Discourse message board has an issue where it renders a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site...

5.4 CVSS · 5.2 AI score · 0.00369 EPSS
Exploits 0 · References 5
Cvelist
added 2022/10/06 12:00 a.m. · 25 views

CVE-2022-39279 Discourse-chat plugin susceptible to XSS in channel name and description

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them...

4.3 CVSS · 5.5 AI score · 0.00369 EPSS
Exploits 0 · References 2
OSV
added 2022/10/06 12:00 a.m. · 33 views

CVE-2022-39279 Discourse-chat plugin susceptible to XSS in channel name and description

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them...

4.3 CVSS · 4.9 AI score · 0.00369 EPSS
Exploits 0 · References 4
Vulnrichment
added 2022/10/06 12:00 a.m. · 6 views

CVE-2022-39279 Discourse-chat plugin susceptible to XSS in channel name and description

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them...

4.3 CVSS · 5.3 AI score · 0.00369 EPSS
Exploits 0 · References 2
CVE
added 2022/10/06 12:00 a.m. · 52 views

CVE-2022-39279

The CVE concerns the discourse-chat plugin for Discourse, where versions prior to 0.9 render a chat channel name and description insecurely, enabling cross-site scripting by inserting unsafe HTML. The fixed version is 0.9; users are advised to upgrade. No additional exploit details or workaround ...

5.4 CVSS · 4.8 AI score · 0.00369 EPSS
Exploits 0 · References 2 · Affected Software 1
NVD
added 2022/09/06 8:15 p.m. · 25 views

CVE-2022-36057

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...

5.4 CVSS · 0.00386 EPSS
Exploits 0 · References 2
Prion
added 2022/09/06 8:15 p.m. · 22 views

Cross site scripting

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...

4.3 CVSS · 4.9 AI score · 0.00386 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/09/06 7:30 p.m. · 6 views

CVE-2022-36057 Discourse-Chat Cross-Site Scripting issue for channel names and descriptions

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...

5.4 CVSS · 5.9 AI score · 0.00386 EPSS
Exploits 0 · References 4
Vulnrichment
added 2022/09/06 7:30 p.m. · 6 views

CVE-2022-36057 Discourse-Chat Cross-Site Scripting issue for channel names and descriptions

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...

5.4 CVSS · 5.3 AI score · 0.00386 EPSS
Exploits 0 · References 2
Cvelist
added 2022/09/06 7:30 p.m. · 27 views

CVE-2022-36057 Discourse-Chat Cross-Site Scripting issue for channel names and descriptions

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...

5.4 CVSS · 5.5 AI score · 0.00386 EPSS
Exploits 0 · References 2
CVE
added 2022/09/06 7:30 p.m. · 62 views

CVE-2022-36057

The CVE-2022-36057 issue affects Discourse-Chat, a plugin for Discourse. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by an administrator being able to insert HTML into chat titles and descriptions for channel names. The publicly reported details indicate that versions prior to 0...

5.4 CVSS · 5 AI score · 0.00386 EPSS
Exploits 0 · References 2 · Affected Software 1