Discourse · Discourse · CVE-2025-48062
**Name of the Vulnerable Software and Affected Versions**
Discourse versions prior to 3.4.4
Discourse version 3.5.0.beta5 and earlier of the beta branch
Discourse version 3.5.0.beta6-dev and earlier of the tests-passed branch
**Description**
HTML injection is possible in email bodies when a topic title contains HTML. The issue affects certain email invites, including inviting someone without an account to a private message, or to a topic with a custom message.
**Recommendations**
For versions prior to 3.4.4, update to version 3.4.4 or later.
For version 3.5.0.beta5 and earlier of the beta branch, update to version 3.5.0.beta5 or later.
For version 3.5.0.beta6-dev and earlier of the tests-passed branch, update to version 3.5.0.beta6-dev or later.
As a temporary workaround, consider overriding the relevant templates so that they do not contain `{topic title}`, which prevents the HTML injection.
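The following added example (not Discourse's own code) illustrates the class of bug described above and both mitigations: escaping interpolated values, and a template override without the title placeholder. The template strings, the `%{...}` placeholder names, the helper names and the sample values are all assumptions constructed for illustration.

```ruby
require "erb"

# Constructed invite template; placeholder names are assumptions for this
# example, not Discourse's real template keys.
INVITE_TEMPLATE = "<p>%{inviter} invited you to the topic " \
                  "<strong>%{topic_title}</strong>.</p><p>%{custom_message}</p>"

# Workaround-style override: the same email with the title placeholder removed.
INVITE_TEMPLATE_NO_TITLE = "<p>%{inviter} invited you to a topic.</p>" \
                           "<p>%{custom_message}</p>"

# Constructed sample data: the topic title carries HTML markup.
SAMPLE = {
  inviter: "alice",
  topic_title: '<a href="https://example.invalid/">Verify your account</a>',
  custom_message: "Thought you would like this."
}.freeze

# Vulnerable pattern: user-controlled values reach the HTML body verbatim.
def render_unescaped(template, values)
  format(template, values)
end

# Fixed pattern: HTML-escape every interpolated value before rendering.
def render_escaped(template, values)
  safe = values.transform_values { |v| ERB::Util.html_escape(v.to_s) }
  format(template, safe)
end

# Regression check: tag names present in the rendered body that the
# template itself does not contain, i.e. markup that came from the data.
def unexpected_tags(template, rendered)
  tags = lambda do |html|
    html.scan(/<\s*([a-zA-Z][a-zA-Z0-9]*)/).flatten.map(&:downcase).uniq
  end
  tags.call(rendered) - tags.call(template)
end

if __FILE__ == $PROGRAM_NAME
  { "unescaped" => render_unescaped(INVITE_TEMPLATE, SAMPLE),
    "escaped"   => render_escaped(INVITE_TEMPLATE, SAMPLE) }.each do |label, body|
    puts "#{label}: unexpected tags = #{unexpected_tags(INVITE_TEMPLATE, body).inspect}"
  end
end
```

A check like `unexpected_tags` can be run in a test suite against each overridden template to confirm that no value supplied by a user introduces markup into the rendered email.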