The specializedRendering
function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the value
parameter.
[
{
"product": "Rocket.Chat server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 3.9.2"
}
]
}
]