Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistHackeroneCVELIST:CVE-2022-35251
HistorySep 23, 2022 - 6:28 p.m.

CVE-2022-35251

2022-09-2318:28:12
CWE-79
hackerone
www.cve.org
3
cross-site scripting
rocket.chat
style injection
persistent attack vector

EPSS

0.001

Percentile

24.8%

JSON

A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are stored in messages, it is a persistent attack vector, which will trigger as soon as the message gets viewed.

CNA Affected

[
  {
    "product": "Rocket.chat",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in 5.0>"
      }
    ]
  }
]

Related

osv 1
nvd 1
prion 1
cnvd 1
hackerone 1
cve 1
osv
osv
CVE-2022-35251
2022-09-23 19:15:14
nvd
nvd
CVE-2022-35251
2022-09-23 19:15:14
prion
prion
Cross site scripting
2022-09-23 19:15:00
cnvd
cnvd
Rocket.Chat Cross-Site Scripting Vulnerability (CNVD-2022-70579)
2022-09-28 00:00:00
hackerone
hackerone
Rocket.Chat: Persistent CSS injection with ’marked’ markdown parser in Rocket.Chat
2021-11-16 07:39:30
cve
cve
CVE-2022-35251
2022-09-23 19:15:14

EPSS

0.001

Percentile

24.8%

JSON
Related for CVELIST:CVE-2022-35251
osv1nvd1prion1cnvd1hackerone1cve1