CVE-2020-28208
- EPSS 35.68%
- Published 08.01.2021 18:15:13
- Last modified 21.11.2024 05:22:28
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.
CVE-2020-29594
- EPSS 0.49%
- Published 30.12.2020 07:15:12
- Last modified 21.11.2024 05:24:16
Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login.
CVE-2020-15926
- EPSS 0.76%
- Published 18.08.2020 21:15:12
- Last modified 21.11.2024 05:06:28
Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side.
CVE-2019-17220
- EPSS 1.93%
- Published 21.10.2019 21:15:10
- Last modified 21.11.2024 04:31:53
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.
CVE-2018-13879
- EPSS 0.19%
- Published 11.07.2018 01:29:01
- Last modified 21.11.2024 03:48:14
A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows t...
CVE-2018-13878
- EPSS 0.21%
- Published 11.07.2018 01:29:01
- Last modified 21.11.2024 03:48:14
An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is p...
CVE-2017-1000493
- EPSS 0.3%
- Published 03.01.2018 01:29:00
- Last modified 21.11.2024 03:04:51
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover.