CVE-2023-1776

🗓️ 31 Mar 2023 11:29:36Reported by MattermostType

Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direc

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2023-1776	31 Mar 202316:22	–	circl
CNNVD	Mattermost 跨站脚本漏洞	31 Mar 202300:00	–	cnnvd
Cvelist	CVE-2023-1776 Stored XSS via SVG attachment on Boards	31 Mar 202311:29	–	cvelist
EUVD	EUVD-2023-0891	3 Oct 202520:07	–	euvd
Github Security Blog	Mattermost vulnerable to cross-site scripting (XSS)	31 Mar 202312:30	–	github
Tenable Nessus	Mattermost Server < 7.1.6 / 7.2.x < 7.7.2 XSS (MMSA-2023-00139)	27 Apr 202300:00	–	nessus
NVD	CVE-2023-1776	31 Mar 202312:15	–	nvd
OSV	BIT-MATTERMOST-2023-1776	6 Mar 202411:02	–	osv
OSV	GHSA-63F2-6959-2PXJ Mattermost vulnerable to cross-site scripting (XSS)	31 Mar 202312:30	–	osv
Prion	Code injection	31 Mar 202312:15	–	prion

NVD

Node

mattermost mattermost_serverRange<7.1.6

mattermost mattermost_serverMatch7.7.1

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "7.7.1",
        "status": "affected",
        "version": "3.3.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.1.5",
        "status": "affected",
        "version": "3.3.0",
        "versionType": "semver"
      },
      {
        "lessThan": "7.8.0",
        "status": "affected",
        "version": "3.3.0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "7.8.0"
      },
      {
        "status": "unaffected",
        "version": "7.7.2"
      },
      {
        "status": "unaffected",
        "version": "7.1.6"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates/

21 Nov 2024 07:39Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.15.4 - 7.3

EPSS0.0071

SSVC

CWE-79