CVE-2022-36057

Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue.
Configurations

Configuration 1

cpe:2.3:a:discourse:discourse-chat:*:*:*:*:*:discourse:*:*

Information

Published : 2022-09-06 08:15

Updated : 2022-09-09 04:32


NVD link : CVE-2022-36057

Mitre link : CVE-2022-36057

Products Affected
No products.
CWE
CWE-79

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)