Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.
References
Link | Resource |
---|---|
https://www.theblazehen.com/posts/CVE-2017-xxxxxx-rocketchat-xss-with-markdown-url-handling-in-messages/ | Broken Link |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-07-17 06:18
Updated : 2017-07-19 10:38
NVD link : CVE-2017-1000054
Mitre link : CVE-2017-1000054
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
rocketchat
- rocket.chat