China National Vulnerability Database (cnvd): CNVD-2022-70579
History: Sep 28, 2022 - 12:00 a.m.

Rocket.Chat Cross-Site Scripting Vulnerability (CNVD-2022-70579)

2022-09-28 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
rocket.chat
cross-site scripting
vulnerability
chat software
filtering
escaping
user-supplied data
attackers
cross-site manipulation
style
block functionality
content hijack

EPSS: 0.001 (Low)
Percentile: 25.0%

Rocket.Chat is an open source team chat software. It is affected by a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the chat window. Attackers could exploit it to cause cross-site manipulation of the chat window's style, block functionality, and hijack the target user's content.

| CPE | Name | Operator | Version |
| --- | --- | --- | --- |
| rocket.chat | rocket.chat | lt | 5.0 |
