Unrated severityNVD Advisory· Published Oct 6, 2022· Updated Apr 23, 2025
Discourse-chat plugin susceptible to XSS in channel name and description
CVE-2022-39279
Description
discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause an cross site scripting (XSS) attack by inserting unsafe HTML into them. Version 0.9 has addressed this issue. Users are advised to upgrade. There are no known workarounds for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<0.9+ 1 more
- (no CPE)range: <0.9
- (no CPE)range: < 0.9
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.