Описание
Mattermost Server is vulnerable to XSS through display name field
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-18893
- https://github.com/mattermost/mattermost/commit/2a4d88d07c5815deac103e109550d25338507151
- https://github.com/mattermost/mattermost/commit/670bfbf62686ebe9f2ab332733d851a62b6950b0
- https://github.com/mattermost/mattermost/commit/d0b42b9e527e93a61fd06a9b9106fc97067807e4
- https://mattermost.com/security-updates
Пакеты
Наименование
github.com/mattermost/mattermost-server
go
Затронутые версииВерсия исправления
< 4.0.5
4.0.5
Наименование
github.com/mattermost/mattermost-server
go
Затронутые версииВерсия исправления
>= 4.1.0, < 4.1.1
4.1.1
Наименование
github.com/mattermost/mattermost-server
go
Затронутые версииВерсия исправления
>= 4.2.0-rc1, < 4.2.0
4.2.0
Связанные уязвимости
CVSS3: 6.1
nvd
больше 5 лет назад
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
CVSS3: 6.1
debian
больше 5 лет назад
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...