cpe:2.3:a:discourse:discourse-chat:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Discourse (2d3c125b-857a-5933-b846-ed7f9d5e0225)
Product: Discourse Chat (19e2b061-7b35-5229-903b-c55b795ffdea)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL: pkg:github/discourse/discourse-chat
Source: purl2cpe
Last updated: 2026-06-01 10:13:03.351004

Vulnerability references

Identifier: CVE:CVE-2022-39279
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:47:51.385428
db.gcve.eu details: Discourse-chat plugin susceptible to XSS in channel name and description
Severity: MEDIUM (4.3)
discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them. Version 0.9 has addressed this issue. Users are advised to upgrade. There are no known workarounds for this issue.
Published: 2022-10-06T00:00:00.000Z
Updated: 2025-04-23T16:52:20.133Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2022-36057
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:47:39.314680
db.gcve.eu details: Discourse-Chat Cross-Site Scripting issue for channel names and descriptions
Severity: MEDIUM (5.4)
Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue.
Published: 2022-09-06T19:30:14.000Z
Updated: 2025-04-23T17:14:30.715Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2022-31095
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:47:10.605275
db.gcve.eu details: Exposure of Sensitive Information in discourse-chat
Severity: MEDIUM (4.3)
discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily affecting direct message channels. There are no known workarounds for this issue, and users are advised to update the plugin.
Published: 2022-06-21T19:00:17.000Z
Updated: 2025-04-23T18:09:13.597Z
Rationale: Imported from gcve-enriched-dumps CVE data
