=====================================================================
                            CERT-Renater

                 Information Note No. 2022/VULN360
_____________________________________________________________________

DATE                 : 07/10/2022

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Chat (Discourse) versions prior to
                       4.4.3-P1, 4.1-ESV-R16-P2.

=====================================================================
https://github.com/discourse/discourse-chat/security/advisories/GHSA-qp62-8m3c-9jgj
_____________________________________________________________________

Channel name and description susceptible to XSS

Moderate
nattsw published GHSA-qp62-8m3c-9jgj

Package
Chat (Discourse)

Affected versions
0.9

Patched versions
0.9

Description

Impact

Some places render a chat channel's name and description in an unsafe
way, allowing staff members to cause an XSS attack by inserting HTML
into them.

Patches

Updating to the latest version of chat will have the patch to fix this.

Severity
Moderate

CVE ID
CVE-2022-39279

Weaknesses
No CWEs

=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel      | fax : 01-53-94-20-41          +
+ 75013 Paris           | email:cert@support.renater.fr +
=========================================================