Описание
Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.9 (исключая)
cpe:2.3:a:discourse:discourse-chat:*:*:*:*:*:discourse:*:*
EPSS
Процентиль: 40%
0.00183
Низкий
5.4 Medium
CVSS3
4.8 Medium
CVSS3
Дефекты
CWE-79
EPSS
Процентиль: 40%
0.00183
Низкий
5.4 Medium
CVSS3
4.8 Medium
CVSS3
Дефекты
CWE-79