Mattermost ≫ Mattermost Server

An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.

An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.

An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.

An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.

An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.

An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.

An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.

An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.

An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.

An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.