Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Mattermost Subscribe
Total 194 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-11078 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.
CVE-2016-11079 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.
CVE-2016-11080 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.
CVE-2016-11081 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
CVE-2016-11082 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.
CVE-2016-11083 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.
CVE-2017-18905 1 Mattermost 1 Mattermost Server 2020-06-25 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.
CVE-2016-11071 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.
CVE-2017-18910 1 Mattermost 1 Mattermost Server 2020-06-25 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.
CVE-2017-18903 1 Mattermost 1 Mattermost Server 2020-06-25 5.1 MEDIUM 8.8 HIGH
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.
CVE-2017-18904 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.
CVE-2017-18909 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.
CVE-2016-11063 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.
CVE-2016-11070 1 Mattermost 1 Mattermost Server 2020-06-25 3.5 LOW 5.4 MEDIUM
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.
CVE-2016-11073 1 Mattermost 1 Mattermost Server 2020-06-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.
CVE-2016-11067 1 Mattermost 1 Mattermost Server 2020-06-24 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
CVE-2017-18877 1 Mattermost 1 Mattermost Server 2020-06-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.
CVE-2016-11068 1 Mattermost 1 Mattermost Server 2020-06-24 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.
CVE-2017-18907 1 Mattermost 1 Mattermost Server 2020-06-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.
CVE-2017-18913 1 Mattermost 1 Mattermost Server 2020-06-24 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.