Discourse AI HTML Entity Injection Vulnerability Leading to Cross-Site Scripting

Vulnerability

A cross-site scripting vulnerability has been identified in the Discourse AI plugin. This issue arises when conversations with the Discourse AI Bot are shared into posts, as HTML entities from the conversation can leak into the Discourse application. The vulnerability affects Discourse AI versions prior to 7ebbcd2.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, share a conversation from the Discourse AI Bot that contains HTML entities into a post. When the post is viewed, the onebox will reference the conversation, and the HTML entities will be rendered, potentially executing any embedded scripts.
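The class of bug described above, as an added example (not code from Discourse AI or from the advisory): a preview builder that decodes stored HTML entities and interpolates the result into markup, beside a version that escapes at the output boundary. The function names, the onebox markup and the sample excerpt are assumptions constructed for illustration.

```ruby
require "cgi"

# Constructed sample: a conversation excerpt stored with its markup
# entity-encoded (assumption; not data taken from Discourse AI).
STORED_EXCERPT = "Try &lt;script&gt;alert(1)&lt;/script&gt; in the page".freeze

# Hypothetical markup wrapper for the preview.
PREFIX = '<aside class="onebox"><p>'.freeze
SUFFIX = "</p></aside>".freeze

# Vulnerable pattern: entities are decoded for display and the decoded
# text is placed into HTML without being escaped again, so text the
# user typed becomes live markup in the viewer's browser.
def render_preview_unsafe(stored_excerpt)
  text = CGI.unescapeHTML(stored_excerpt)
  "#{PREFIX}#{text}#{SUFFIX}"
end

# Hardened pattern: decode to plain text, truncate the plain text
# (truncating after escaping could cut an entity in half), then escape
# exactly once at the point where the text enters HTML.
def render_preview_safe(stored_excerpt, limit: 200)
  text = CGI.unescapeHTML(stored_excerpt)[0, limit]
  "#{PREFIX}#{CGI.escapeHTML(text)}#{SUFFIX}"
end

# Regression check for rendered previews: strip the known wrapper and
# report whether any element, comment or closing tag survives inside.
def contains_markup?(preview_html)
  inner = preview_html.delete_prefix(PREFIX).delete_suffix(SUFFIX)
  inner.match?(%r{<[a-zA-Z!/]})
end

if $PROGRAM_NAME == __FILE__
  [:render_preview_unsafe, :render_preview_safe].each do |name|
    html = send(name, STORED_EXCERPT)
    puts "#{name}: markup_in_body=#{contains_markup?(html)}"
    puts "  #{html}"
  end
end
```

A check like `contains_markup?` can run in a test suite against any code path that turns user-influenced text into preview HTML.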

Remediation

Users are advised to update to the latest version of Discourse AI. Those unable to update can remove all groups from the 'AI Bot Public Sharing Allowed Groups' site setting.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 1.7
exploitability: 6.2
remediation: 8.3
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.