Discourse Chat
By the Year
In 2023 there have been 0 vulnerabilities in Discourse Chat. Last year Discourse Chat had 3 security vulnerabilities published. Right now, Discourse Chat is on track to have fewer security vulnerabilities in 2023 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 3 | 5.57 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Discourse Chat vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Discourse Chat Security Vulnerabilities
discourse-chat is a plugin for the Discourse message board which adds chat functionality
CVE-2022-39279
5.4 - Medium
- October 06, 2022
discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them. Version 0.9 has addressed this issue. Users are advised to upgrade. There are no known workarounds for this issue.
XSS
Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform
CVE-2022-36057
4.8 - Medium
- September 06, 2022
Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue.
XSS
discourse-chat is a chat plugin for the Discourse application
CVE-2022-31095
6.5 - Medium
- June 21, 2022
discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily affecting direct message channels. There are no known workarounds for this issue, and users are advised to update the plugin.
AuthZ
