Headline
CVE-2022-36057: XSS issue for channel names and descriptions
Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue.
Impact
Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing an XSS attack.
Patches
Update to the latest version of chat, which contains the patch for this issue.
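The class of bug described above, shown as an added example that is not taken from the Discourse Chat code base or its patch: a channel header rendered with and without output escaping, plus an audit helper that flags stored titles and descriptions containing tag-like markup. The record shape, function names and sample data are assumptions made for illustration.

```javascript
// Added example, not Discourse Chat code. The fields "title" and "description"
// follow the advisory's wording; everything else here is hypothetical.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored text is concatenated into markup as-is.
function renderChannelHeaderUnsafe(channel) {
  return `<h2 class="channel-title">${channel.title}</h2>` +
         `<p class="channel-description">${channel.description}</p>`;
}

// Hardened pattern: both fields are escaped at output time.
function renderChannelHeaderSafe(channel) {
  return `<h2 class="channel-title">${escapeHtml(channel.title)}</h2>` +
         `<p class="channel-description">${escapeHtml(channel.description)}</p>`;
}

// Audit helper: report channels whose stored fields contain tag-like markup,
// so they can be reviewed by hand. A bare "<" followed by a non-letter is ignored.
function findChannelsWithMarkup(channels) {
  const tagLike = /<\s*\/?\s*[a-zA-Z!][^>]*>?/;
  const findings = [];
  for (const channel of channels) {
    for (const field of ["title", "description"]) {
      if (tagLike.test(String(channel[field] ?? ""))) {
        findings.push({ id: channel.id, field });
      }
    }
  }
  return findings;
}

// Constructed sample records (not real data).
const SAMPLE_CHANNELS = [
  { id: 1, title: "General", description: "Day-to-day chat, 1 < 2 jokes welcome" },
  { id: 2, title: '<img src=x onerror="alert(1)">', description: "Ops" },
  { id: 3, title: "Releases", description: "See <b>pinned</b> notes" },
];
```

Because the values are written by admin users, an audit like this is a review aid for existing channels, not a replacement for escaping at render time.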