CVE-2024-54142
Published: 14 January 2025
Summary
CVE-2024-54142 is a critical-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 9.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 49.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Other ATLAS/OWASP Terms risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Filters potentially malicious HTML entities from AI bot conversations prior to rendering in onebox previews, directly preventing XSS execution in victims' browsers.
Validates and sanitizes inputs from AI bot conversations to block injection of HTML entities that could leak into shared posts.
Ensures timely remediation of the specific XSS flaw in the Discourse AI plugin via patching to commit 92f122c.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows HTML entities from AI bot conversations to leak into Discourse posts via oneboxes, enabling exploitation of a public-facing web application (T1190) and content injection (T1659) for potential arbitrary code execution or impact.
NVD Description
Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post…
more
with a onebox to said conversation. This issue has been addressed in commit `92f122c`. Users are advised to update. Users unable to update may remove all groups from `ai bot public sharing allowed groups` site setting.
Deeper analysisAI
CVE-2024-54142 is a cross-site scripting (XSS) vulnerability (CWE-79) with a CVSS v3.1 base score of 9.0 in the Discourse AI plugin, which adds AI features to the Discourse forum software. The flaw occurs when sharing Discourse AI Bot conversations into posts: if the conversation contains HTML entities, they can leak into the broader Discourse application when another user visits a post that includes a onebox preview of the conversation.
A low-privileged authenticated user (PR:L) can exploit this by generating or sharing an AI Bot conversation with malicious HTML entities. Exploitation requires low attack complexity (AC:L) over the network (AV:N) and user interaction (UI:R), such as a victim visiting the post with the onebox. Success grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) with changed scope (S:C), potentially allowing attackers to execute arbitrary scripts in victims' browsers and compromise their sessions.
The issue was fixed in commit 92f122c54d9d7ead9223a056270bff5b4c42c73f of the discourse-ai repository, as detailed in the GitHub security advisory GHSA-94c2-qr2h-88jv. Discourse advises users to update the plugin. Those unable to update can mitigate by removing all groups from the `ai bot public sharing allowed groups` site setting.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Discourse AI is a plugin providing AI features including an AI Bot for conversations, fitting Enterprise AI Assistants as it integrates AI assistance into forum software. The vulnerability involves improper handling of HTML entities in shared AI bot conversations, leading to potential leakage into posts.