CVE-2025-58054

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.1

Description Discourse, an open-source community discussion platform, is affected by a cross-site scripting (XSS) issue. The issue stems from how the platform parses and renders chat channel titles and chat thread titles using the quote message functionality with the rich text editor. This allows for the execution of malicious scripts through crafted titles.

Recommendations Update to version 3.5.1 or later.