3 matches found
CVE-2022-31095
The CVE-2022-31095 affects the discourse-chat plugin for Discourse. Versions prior to 0.4 allow an attacker who knows a channel message ID to view that message via the chat message lookup endpoint, primarily impacting direct message channels. There are no known workarounds; remediation is to upda...
CVE-2022-36057
The CVE-2022-36057 issue affects Discourse-Chat, a plugin for Discourse. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by an administrator being able to insert HTML into chat titles and descriptions for channel names. The publicly reported details indicate that versions prior to 0...
CVE-2022-39279
The CVE concerns the discourse-chat plugin for Discourse, where versions prior to 0.9 render a chat channel name and description insecurely, enabling cross-site scripting by inserting unsafe HTML. The fixed version is 0.9; users are advised to upgrade. No additional exploit details or workaround ...