Description
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.
References
- Exploit, Third Party Advisory
- Release Notes, Vendor Advisory
- Exploit, Third Party Advisory
- Release Notes, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 6.4.0 (exclusive)
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
EPSS
Percentile: 48%
0.00246
Low
CVSS3: 2 Low
CVSS3: 5.4 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-80
CWE-79
Related vulnerabilities
CVSS3: 2
debian
more than 3 years ago
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML conte ...
CVSS3: 5.4
github
more than 3 years ago
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.