Discourse-Chat Security Vulnerabilities

CVE-2022-31095

discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily af...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2022-06-21 07:15 PM

CVE-2022-36057

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue.

5.4 CVSS

4.9 AI Score

0.001 EPSS

2022-09-06 08:15 PM

CVE-2022-39279

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them. Vers...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-10-06 08:15 PM

CVE-2024-23654

discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit 94ba0dadc2cf38e8f81c3936974c1...

4.1 CVSS

4.4 AI Score

0.0004 EPSS

2024-02-21 09:15 PM

CVE-2024-35168

Missing Authorization vulnerability in Discourse WP Discourse. This issue affects WP Discourse: from n/a through 2.5.1.

4.3 CVSS

4.7 AI Score

0.0004 EPSS

2024-06-11 03:16 PM