Lucene search

China National Vulnerability DatabaseCNVD-2024-14306

HistoryMar 19, 2024 - 12:00 a.m.

Mattermost Cross-Site Scripting Vulnerability (CNVD-2024-14306)

2024-03-1900:00:00

China National Vulnerability Database

www.cnvd.org.cn

mattermost

open-source

collaboration

platform

cross-site

scripting

vulnerability

attack

reflective

security

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Mattermost is an open-source collaboration platform from Mattermost, Inc. in the U.S. Matter is a unified, open-source application-layer connectivity standard designed to enable developers and device manufacturers to connect and build reliable, secure ecosystems and improve compatibility between connected home devices. Mattermost suffers from a cross-site scripting vulnerability that stems from an inability to escape user-controlled output pages, which can be exploited by an attacker to perform a reflective cross-site scripting attack.

CPENameOperatorVersion
mattermost mattermost >=8.1.x，lt8.1.10
mattermost mattermost >=9.2.x，lt9.2.6
mattermost mattermost >=9.3.x，lt9.3.2
mattermost mattermost >=9.4.x，lt9.4.3

Name	Operator	Version
mattermost mattermost >=8.1.x，	lt	8.1.10
mattermost mattermost >=9.2.x，	lt	9.2.6
mattermost mattermost >=9.3.x，	lt	9.3.2
mattermost mattermost >=9.4.x，	lt	9.4.3