5.4
CVE-2024-47048
- EPSS 0.14%
- Veröffentlicht 25.09.2024 01:15:44
- Zuletzt bearbeitet 25.03.2025 17:16:11
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginRocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rocket.Chat ≫ Rocket.Chat Version < 6.7.9
Rocket.Chat ≫ Rocket.Chat Version >= 6.8.0 < 6.8.7
Rocket.Chat ≫ Rocket.Chat Version >= 6.9.0 < 6.9.7
Rocket.Chat ≫ Rocket.Chat Version >= 6.10.0 < 6.10.6
Rocket.Chat ≫ Rocket.Chat Version >= 6.11.0 < 6.11.3
Rocket.Chat ≫ Rocket.Chat Version6.12.0 Update-
Rocket.Chat ≫ Rocket.Chat Version6.12.0 Updaterc1
Rocket.Chat ≫ Rocket.Chat Version6.12.0 Updaterc2
Rocket.Chat ≫ Rocket.Chat Version6.12.0 Updaterc3
Rocket.Chat ≫ Rocket.Chat Version6.12.0 Updaterc4
Rocket.Chat ≫ Rocket.Chat Version6.12.0 Updaterc5
Rocket.Chat ≫ Rocket.Chat Version6.12.0 Updaterc6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.34 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.