This repository has been archived by the owner on Feb 6, 2023. It is now read-only.
XSS issue for channel names and descriptions
Package
Discourse
(Discourse)
Affected versions
0.9
Patched versions
0.9
Impact
Users of discourse chat can be affected by admin users inserting HTML into chat titles and descriptions, causing an XSS attack.
Patches
Updating to the latest version of chat will have the patch to fix this.