CVE-2023-7113

🗓️ 29 Dec 2023 12:46:13Reported by MattermostType

Mattermost v8.1.6 and earlier doesn't sanitize channel mentions, enabling markup injection

Reporter	Title	Published	Views	Family All 19
Chainguard	CVE-2023-7113 vulnerabilities	1 May 202507:14	–	cgr
Circl	CVE-2023-7113	29 Dec 202314:26	–	circl
CNNVD	Mattermost Cross-Site Scripting Vulnerability	29 Dec 202300:00	–	cnnvd
Cvelist	CVE-2023-7113	29 Dec 202312:46	–	cvelist
EUVD	EUVD-2023-3217	3 Oct 202520:07	–	euvd
Github Security Blog	Mattermost Cross-site Scripting vulnerability	29 Dec 202315:30	–	github
NVD	CVE-2023-7113	29 Dec 202313:15	–	nvd
OSV	BIT-MATTERMOST-2023-7113	6 Mar 202410:56	–	osv
OSV	CGA-C2R9-JM5Q-WJ28	29 Jan 202600:45	–	osv
OSV	CGA-HPFV-F2F6-3F5H	15 Jul 202422:00	–	osv

NVD

Node

mattermost mattermost_serverRange<8.1.7

[
  {
    "defaultStatus": "unaffected",
    "product": "Mattermost",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "8.1.6",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.2.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "8.1.7"
      },
      {
        "status": "unaffected",
        "version": "9.2.0"
      }
    ]
  }
]

Source	Link
mattermost	www.mattermost.com/security-updates

21 Nov 2024 08:45Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.13.7 - 6.1

EPSS0.00726

CWE-79