This repository has been archived by the owner on Feb 6, 2023. It is now read-only.
Channel name and description susceptible to XSS
Package: Chat (Discourse)
Affected versions: 0.9
Patched versions: 0.9
Impact
Some places render a chat channel's name and description in an unsafe way, allowing staff members to cause an XSS attack by inserting HTML into them.
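The unsafe pattern described under Impact, shown next to an escaped version. This is an added example, not Discourse Chat's code or its patch; the function names, the markup and the sample channel are assumptions constructed for illustration.

```javascript
// Added example: names and markup are hypothetical, not Discourse Chat code.

// Characters that must be encoded in HTML text and in quoted attribute values.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe: channel fields are concatenated into the markup as-is, so any
// HTML a staff member typed into them becomes part of the page.
function renderChannelUnsafe(channel) {
  return `<div class="channel" title="${channel.description}">` +
    `<span class="channel-name">${channel.name}</span></div>`;
}

// Safe: each field is escaped at the point of output, in both the
// attribute context (title) and the text context (span body).
function renderChannelSafe(channel) {
  return `<div class="channel" title="${escapeHtml(channel.description)}">` +
    `<span class="channel-name">${escapeHtml(channel.name)}</span></div>`;
}

// Count element start tags in rendered output. The template itself
// contributes two (div, span); anything above that came from the data.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample: a channel whose fields contain markup.
const sampleChannel = {
  name: "<i>General</i>",
  description: '"><u>Announcements</u>',
};

console.log("unsafe tags:", countStartTags(renderChannelUnsafe(sampleChannel)));
console.log("safe tags:  ", countStartTags(renderChannelSafe(sampleChannel)));
```

The start-tag count works as a regression check: a rendering path that escapes correctly never emits more tags than its template contains, whatever the channel fields hold.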
Patches
Updating to the latest version of chat applies the patch that fixes this.