Discourse · Discourse AI · CVE-2024-54142
**Name of the Vulnerable Software and Affected Versions**
Discourse AI (affected versions not specified)
**Description**
The issue affects the Discourse AI plugin, which provides AI features. When a conversation from the Discourse AI Bot is shared into a post, HTML entities from the conversation could leak into the Discourse application if a user visits a post with a onebox for that conversation. This problem has been addressed in commit `92f122c`.
**Recommendations**
For all affected versions, update to a version that includes the fix from commit `92f122c`.
As a temporary workaround for users unable to update, remove all groups from the `ai bot public sharing allowed groups` site setting.