CVE-2024-54142

Severity: Critical
Published: 14 January 2025
Modified: 15 April 2026
CVSS v3.1 score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS score: 0.0035 (58.1st percentile)
Risk priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-54142 is a critical-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 41.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised as Other Platforms, in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2024-54142 is a cross-site scripting (XSS) vulnerability (CWE-79) with a CVSS v3.1 base score of 9.0 in the Discourse AI plugin, which adds AI features to the Discourse forum software. The flaw occurs when sharing Discourse AI Bot conversations into posts: if the conversation contains HTML entities, they can leak into the broader Discourse application when another user visits a post that includes a onebox preview of the conversation.

A low-privileged authenticated user (PR:L) can exploit this by generating or sharing an AI Bot conversation with malicious HTML entities. Exploitation requires low attack complexity (AC:L) over the network (AV:N) and user interaction (UI:R), such as a victim visiting the post with the onebox. Success grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) with changed scope (S:C), potentially allowing attackers to execute arbitrary scripts in victims' browsers and compromise their sessions.

The issue was fixed in commit 92f122c54d9d7ead9223a056270bff5b4c42c73f of the discourse-ai repository, as detailed in the GitHub security advisory GHSA-94c2-qr2h-88jv. Discourse advises users to update the plugin. Those unable to update can mitigate by removing all groups from the `ai bot public sharing allowed groups` site setting.

Vulnerability details

Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has been addressed in commit `92f122c`. Users are advised to update. Users unable to update may remove all groups from the `ai bot public sharing allowed groups` site setting.

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1659 Content Injection (Initial Access): Adversaries may gain access and continuously communicate with victims by injecting malicious content into systems through online network traffic.

Why these techniques?

The vulnerability allows HTML entities from AI bot conversations to leak into Discourse posts via oneboxes, enabling exploitation of a public-facing web application (T1190) and content injection (T1659), with the potential for arbitrary script execution in victims' browsers and the resulting impact.

CVEs Like This One

CVE-2015-20115 (shared CWE-79)
CVE-2025-23668 (shared CWE-79)
CVE-2024-57428 (shared CWE-79)
CVE-2024-7044 (shared CWE-79)
CVE-2025-26210 (shared CWE-79)
CVE-2021-47873 (shared CWE-79)
CVE-2026-7052 (shared CWE-79)
CVE-2024-56060 (shared CWE-79)
CVE-2025-49043 (shared CWE-79)
CVE-2026-40038 (shared CWE-79)

Mitigating Controls (NIST 800-53 r5)

Prevent: Filters potentially malicious HTML entities from AI bot conversations prior to rendering in onebox previews, directly preventing XSS execution in victims' browsers.

Prevent: Validates and sanitizes inputs from AI bot conversations to block injection of HTML entities that could leak into shared posts.

Prevent: Ensures timely remediation of the specific XSS flaw in the Discourse AI plugin via patching to commit 92f122c.
