BIT-DISCOURSE-2024-47772 Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of...