CVE-2022-39279
- EPSS 0.21%
- Veröffentlicht 06.10.2022 20:15:34
- Zuletzt bearbeitet 21.11.2024 07:17:56
discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause an cross site scripting (XSS...
CVE-2022-36057
- EPSS 0.19%
- Veröffentlicht 06.09.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 07:12:17
Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack...
CVE-2022-31095
- EPSS 0.21%
- Veröffentlicht 21.06.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 07:03:53
discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message usi...