ID CVE-2017-1000054
Type cve
Reporter NVD
Modified 2017-07-19T13:38:24
Description
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.
{"scanner": [], "cpe": ["cpe:/a:rocketchat:rocket.chat:0.49.0", "cpe:/a:rocketchat:rocket.chat:0.53.0", "cpe:/a:rocketchat:rocket.chat:0.46.0", "cpe:/a:rocketchat:rocket.chat:0.31.0", "cpe:/a:rocketchat:rocket.chat:0.11.0", "cpe:/a:rocketchat:rocket.chat:0.40.1", "cpe:/a:rocketchat:rocket.chat:0.47.1", "cpe:/a:rocketchat:rocket.chat:0.9.0", "cpe:/a:rocketchat:rocket.chat:0.54.0", "cpe:/a:rocketchat:rocket.chat:0.56.0", "cpe:/a:rocketchat:rocket.chat:0.24.0", "cpe:/a:rocketchat:rocket.chat:0.28.0", "cpe:/a:rocketchat:rocket.chat:0.26.0", "cpe:/a:rocketchat:rocket.chat:0.55.0", "cpe:/a:rocketchat:rocket.chat:0.49.4", "cpe:/a:rocketchat:rocket.chat:0.15.0", "cpe:/a:rocketchat:rocket.chat:0.30.0", "cpe:/a:rocketchat:rocket.chat:0.18.1", "cpe:/a:rocketchat:rocket.chat:0.49.3", "cpe:/a:rocketchat:rocket.chat:0.51.0", "cpe:/a:rocketchat:rocket.chat:0.38.0", "cpe:/a:rocketchat:rocket.chat:0.35.0", "cpe:/a:rocketchat:rocket.chat:0.22.0", "cpe:/a:rocketchat:rocket.chat:0.54.2", "cpe:/a:rocketchat:rocket.chat:0.49.1", "cpe:/a:rocketchat:rocket.chat:0.39.0", "cpe:/a:rocketchat:rocket.chat:0.52.0", "cpe:/a:rocketchat:rocket.chat:0.57.1", "cpe:/a:rocketchat:rocket.chat:0.14.0", "cpe:/a:rocketchat:rocket.chat:0.23.0", "cpe:/a:rocketchat:rocket.chat:0.8.0", "cpe:/a:rocketchat:rocket.chat:0.57.0:rc1", "cpe:/a:rocketchat:rocket.chat:0.44.0", "cpe:/a:rocketchat:rocket.chat:0.16.0", "cpe:/a:rocketchat:rocket.chat:0.17.0", "cpe:/a:rocketchat:rocket.chat:0.10.1", "cpe:/a:rocketchat:rocket.chat:0.49.2", "cpe:/a:rocketchat:rocket.chat:0.57.0:rc2", "cpe:/a:rocketchat:rocket.chat:0.50.0", "cpe:/a:rocketchat:rocket.chat:0.45.0", "cpe:/a:rocketchat:rocket.chat:0.34.0", "cpe:/a:rocketchat:rocket.chat:0.41.0", "cpe:/a:rocketchat:rocket.chat:0.57.2", "cpe:/a:rocketchat:rocket.chat:0.57.0:rc3", "cpe:/a:rocketchat:rocket.chat:0.12.0", "cpe:/a:rocketchat:rocket.chat:0.25.0", "cpe:/a:rocketchat:rocket.chat:0.54.1", "cpe:/a:rocketchat:rocket.chat:0.29.0", "cpe:/a:rocketchat:rocket.chat:0.43.0", "cpe:/a:rocketchat:rocket.chat:0.19.0", "cpe:/a:rocketchat:rocket.chat:0.10.2", "cpe:/a:rocketchat:rocket.chat:0.21.0", "cpe:/a:rocketchat:rocket.chat:0.57.0", "cpe:/a:rocketchat:rocket.chat:0.48.1", "cpe:/a:rocketchat:rocket.chat:0.13.0", "cpe:/a:rocketchat:rocket.chat:0.57.0:rc0", "cpe:/a:rocketchat:rocket.chat:0.32.0", "cpe:/a:rocketchat:rocket.chat:0.12.1", "cpe:/a:rocketchat:rocket.chat:0.18.0", "cpe:/a:rocketchat:rocket.chat:0.10.0", "cpe:/a:rocketchat:rocket.chat:0.36.0", "cpe:/a:rocketchat:rocket.chat:0.37.0", "cpe:/a:rocketchat:rocket.chat:0.20.0", "cpe:/a:rocketchat:rocket.chat:0.33.0", "cpe:/a:rocketchat:rocket.chat:0.48.0", "cpe:/a:rocketchat:rocket.chat:0.27.0", "cpe:/a:rocketchat:rocket.chat:0.37.1", "cpe:/a:rocketchat:rocket.chat:0.48.2", "cpe:/a:rocketchat:rocket.chat:0.47.0", "cpe:/a:rocketchat:rocket.chat:0.42.0", "cpe:/a:rocketchat:rocket.chat:0.50.1", "cpe:/a:rocketchat:rocket.chat:0.55.1"], "bulletinFamily": "NVD", "viewCount": 2, "reporter": "NVD", "references": ["https://www.theblazehen.com/posts/CVE-2017-xxxxxx-rocketchat-xss-with-markdown-url-handling-in-messages/"], "assessment": {"href": "", "name": "", "system": ""}, "description": "Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.", "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "c355085b6cc0d1bf2318024896358ec1"}, {"key": "cvelist", "hash": "8baa72bd68deebfa948cc2180fbe95dc"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "5725a61393d5fed910c21485af82a254"}, {"key": "href", "hash": "72eb28672abd7344abfbce522a1c44d0"}, {"key": "modified", "hash": "c52496a321ceb13e15ed77a96d4d0da9"}, {"key": "published", "hash": "43678146dac4c2248b17625d9a1be8cc"}, {"key": "references", "hash": "04121681f4021dbe18d806cb608409a5"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "a2750994ac17d29be115b4a73b063744"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000054", "modified": "2017-07-19T13:38:24", "objectVersion": "1.3", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "id": "CVE-2017-1000054", "title": "CVE-2017-1000054", "hash": "1e2cb2c391002764c17543dd7e1bb847d98b6336810f9b1e029fd2a6553331b0", "edition": 2, "published": "2017-07-17T09:18:17", "type": "cve", "history": [{"lastseen": "2017-07-18T10:49:38", "bulletin": {"scanner": [], "cpe": [], "hash": "ec7d2d22864720a4e15d4a2a4a4deb33f0a80a1db4ad3c4df9865d53da418e98", "viewCount": 0, "reporter": "NVD", "references": ["https://www.theblazehen.com/posts/CVE-2017-xxxxxx-rocketchat-xss-with-markdown-url-handling-in-messages/"], "assessment": {"href": "", "name": "", "system": ""}, "description": "Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.", "hashmap": [{"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "modified", "hash": "43678146dac4c2248b17625d9a1be8cc"}, {"key": "references", "hash": "04121681f4021dbe18d806cb608409a5"}, {"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "published", "hash": "43678146dac4c2248b17625d9a1be8cc"}, {"key": "description", "hash": "5725a61393d5fed910c21485af82a254"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "href", "hash": "72eb28672abd7344abfbce522a1c44d0"}, {"key": "title", "hash": "a2750994ac17d29be115b4a73b063744"}, {"key": "cvelist", "hash": "8baa72bd68deebfa948cc2180fbe95dc"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000054", "modified": "2017-07-17T09:18:17", "objectVersion": "1.3", "enchantments": {}, "id": "CVE-2017-1000054", "title": "CVE-2017-1000054", "bulletinFamily": "NVD", "edition": 1, "published": "2017-07-17T09:18:17", "type": "cve", "history": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvelist": ["CVE-2017-1000054"], "lastseen": "2017-07-18T10:49:38"}, "differentElements": ["cvss", "modified", "cpe"], "edition": 1}], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "cvelist": ["CVE-2017-1000054"], "lastseen": "2017-07-20T10:53:00"}
{}
