Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2018-13878
HistoryJul 11, 2018 - 1:00 a.m.

CVE-2018-13878

2018-07-1101:00:00
mitre
www.cve.org
4
xss issue
rocket.chat
user tokens
admin tokens

EPSS

0.001

Percentile

34.9%

JSON

An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel.

Related

prion 1
osv 1
cve 1
nvd 1
prion
prion
Cross site scripting
2018-07-11 01:29:00
osv
osv
CVE-2018-13878
2018-07-11 01:29:01
cve
cve
CVE-2018-13878
2018-07-11 01:29:01
nvd
nvd
CVE-2018-13878
2018-07-11 01:29:01

EPSS

0.001

Percentile

34.9%

JSON
Related for CVELIST:CVE-2018-13878
prion1osv1cve1nvd1