CVE-2022-23548 Information

Description

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches parsing posts can be susceptible to XSS attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.

Reference

https://github.com/discourse/discourse/pull/19737 https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf