Vulnerabilities > CVE-2022-36057 - Unspecified vulnerability in Discourse Discourse-Chat 0.3/0.4

CVSS 4.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

discourse

NVD

Published: 2022-09-06

Updated: 2024-11-21

Summary

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue.

Vulnerable Configurations

Part	Description	Count
Application	Discourse Discourse Discourse Chat - Discourse Discourse Chat 0.3 Discourse Discourse Chat 0.4	3

References

https://github.com/discourse/discourse-chat/pull/1205
https://github.com/discourse/discourse-chat/pull/1205
https://github.com/discourse/discourse-chat/security/advisories/GHSA-3vf2-wrjx-p6xj
https://github.com/discourse/discourse-chat/security/advisories/GHSA-3vf2-wrjx-p6xj