Home > Vulnerability Database > CVE-2022-39279

Mend.io Vulnerability Database

CVE-2022-39279

Date: October 6, 2022

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause an cross site scripting (XSS) attack by inserting unsafe HTML into them. Version 0.9 has addressed this issue. Users are advised to upgrade. There are no known workarounds for this issue.

Language: Ruby

Severity Score

5.4

Related Resources (5)

Url: https://www.cve.org/CVERecord?id=CVE-2022-39279

Url: https://github.com/discourse/discourse-chat/commit/25737733af48e5b9fa60b0561d7fde14bea13cce

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39279

Url: https://github.com/discourse/discourse-chat/security/advisories/GHSA-qp62-8m3c-9jgj

Url: https://www.mend.io/vulnerability-database/CVE-2022-39279

Severity Score

5.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39279

Date: October 6, 2022

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?