exploitDog

CVE-2018-13879

Опубликовано: 11 июл. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username.html.

Ссылки

https://github.com/RocketChat/Rocket.Chat/issues/10795
Third Party Advisory
https://github.com/RocketChat/Rocket.Chat/issues/10795
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*

Версия до 0.66 (исключая)

EPSS

Процентиль: 41%

0.00192

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jf3p-59jq-4gpv

CVSS3: 5.4

github

больше 3 лет назад

A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username.html.

EPSS

Процентиль: 41%

0.00192

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79