PT-2022-23148 · Discourse · Discourse-Chat

Pmusaraj · Published 2022-09-06 · Updated 2022-09-09 · CVE-2022-36057

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Discourse-Chat versions prior to 0.9

Description: The issue affects users of Discourse Chat, an asynchronous messaging plugin for the Discourse open-source discussion platform. Admin users can insert HTML into chat titles and descriptions, which results in a Cross-Site Scripting (XSS) vulnerability.

Recommendations: For versions prior to 0.9, update to version 0.9 to resolve the issue. As a temporary workaround, consider restricting admin users' ability to insert HTML into chat titles and descriptions until the patch is applied.
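The description above attributes the XSS to admin-supplied HTML in chat titles and descriptions reaching other users' browsers as live markup. The Ruby snippet below is an added example, not Discourse-Chat's own code and not the 0.9 fix: it places a hypothetical unescaped rendering of a channel title beside an escaped one (using Ruby's ERB::Util.html_escape) and adds a small check that a test suite could run over rendered fragments. The sample title, the render_* function names and the h2 wrapper are assumptions made for illustration.

```ruby
require "erb"

# Constructed sample: an admin-supplied chat channel title that contains markup.
# This is an assumed value for illustration, not data from the advisory.
SAMPLE_TITLE = "General <script>notify()</script>"

# Vulnerable pattern (hypothetical): the stored title is interpolated into the
# page unchanged, so any markup an admin typed is parsed as HTML/JS by every
# user who views the channel.
def render_title_unsafe(title)
  "<h2 class=\"chat-title\">#{title}</h2>"
end

# Hardened pattern: escape the value at the output sink. The browser then shows
# the literal characters instead of interpreting them as markup, regardless of
# which role wrote the field.
def render_title_safe(title)
  "<h2 class=\"chat-title\">#{ERB::Util.html_escape(title)}</h2>"
end

# Defensive check for tests or code review: strips the expected wrapping element
# and reports whether any raw tag remains, i.e. whether input escaped into markup.
def contains_unescaped_markup?(html, wrapper: "h2")
  stripped = html.sub(/\A<#{wrapper}[^>]*>/, "").sub(/<\/#{wrapper}>\z/, "")
  stripped.match?(/<[a-zA-Z\/!]/)
end

if __FILE__ == $PROGRAM_NAME
  puts render_title_unsafe(SAMPLE_TITLE)
  puts render_title_safe(SAMPLE_TITLE)
  puts "unsafe rendering contains markup: #{contains_unescaped_markup?(render_title_unsafe(SAMPLE_TITLE))}"
  puts "safe rendering contains markup:   #{contains_unescaped_markup?(render_title_safe(SAMPLE_TITLE))}"
end
```

The same treatment applies to channel descriptions. The page's workaround (limiting what admins may enter) reduces exposure, while escaping at render time removes the sink no matter who is allowed to write the field; the check function is the kind of assertion that keeps the sink from silently reappearing.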

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers: CVE-2022-36057, GHSA-3VF2-WRJX-P6XJ

Affected Products: Discourse-Chat