Количество 3
Количество 3
CVE-2023-35075
Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though.
CVE-2023-35075
Mattermost fails to use innerText /textContentwhen setting the channel ...
GHSA-jcgv-3pfq-j4hr
Mattermost Injection vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-35075 Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though. | CVSS3: 3.1 | 0% Низкий | больше 1 года назад |
| CVE-2023-35075 Mattermost fails to use innerText /textContentwhen setting the channel ... | CVSS3: 3.1 | 0% Низкий | больше 1 года назад |
| GHSA-jcgv-3pfq-j4hr Mattermost Injection vulnerability | CVSS3: 3.1 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу