Filtered by vendor Mattermost
Subscribe
Total
194 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-11078 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. | |||||
CVE-2016-11079 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. | |||||
CVE-2016-11080 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. | |||||
CVE-2016-11081 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. | |||||
CVE-2016-11082 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. | |||||
CVE-2016-11083 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. | |||||
CVE-2017-18905 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. | |||||
CVE-2016-11071 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. | |||||
CVE-2017-18910 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. | |||||
CVE-2017-18903 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.1 MEDIUM | 8.8 HIGH |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. | |||||
CVE-2017-18904 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file. | |||||
CVE-2017-18909 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. | |||||
CVE-2016-11063 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview. | |||||
CVE-2016-11070 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. | |||||
CVE-2016-11073 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. | |||||
CVE-2016-11067 | 1 Mattermost | 1 Mattermost Server | 2020-06-24 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang. | |||||
CVE-2017-18877 | 1 Mattermost | 1 Mattermost Server | 2020-06-24 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page. | |||||
CVE-2016-11068 | 1 Mattermost | 1 Mattermost Server | 2020-06-24 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection. | |||||
CVE-2017-18907 | 1 Mattermost | 1 Mattermost Server | 2020-06-24 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header. | |||||
CVE-2017-18913 | 1 Mattermost | 1 Mattermost Server | 2020-06-24 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page. |