CVE-2026-45085 Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

CVE-2022-39279 Discourse-chat plugin susceptible to XSS in channel name and description

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause an cross site scripting XSS attack by inserting unsafe HTML into them...

PT-2022-24865 · Discourse · Discourse-Chat

Name of the Vulnerable Software and Affected Versions: discourse-chat versions prior to 0.9 Description: The discourse-chat plugin for the Discourse message board has an issue where it renders a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site...

CVE-2022-31095 Exposure of Sensitive Information in discourse-chat

discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily...

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. An information disclosure vulnerability exists in the Discourse plugin discourse-chat prior to version 0.4. An attacker could exploit this vulnerability to obtain...