PT-2022-24865 · Discourse · Discourse-Chat

Nattsw · Published 2022-10-06 · Updated 2022-10-11 · CVE-2022-39279

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: discourse-chat versions prior to 0.9

Description: The discourse-chat plugin for the Discourse message board has an issue where it renders a chat channel's name and description in an unsafe way, allowing staff members to cause a cross-site scripting (XSS) attack by inserting unsafe HTML into them.

Recommendations: For versions prior to 0.9, upgrade to version 0.9 to address the issue. At the moment, there is no other information about additional mitigation measures for this issue.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-39279
GHSA-QP62-8M3C-9JGJ

Affected Products

Discourse-Chat