EUVD-2023-2986

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Mattermost allows HTML injection in channel names during autocomplete, but no XSS vulnerability exists.

Reporter	Title	Published	Views	Family All 20
Chainguard	CVE-2023-35075 vulnerabilities	1 May 202507:14	–	cgr
Circl	CVE-2023-35075	16 Dec 202320:52	–	circl
CNNVD	Mattermost Injection Vulnerability	27 Nov 202300:00	–	cnnvd
CVE	CVE-2023-35075	27 Nov 202309:09	–	cve
Cvelist	CVE-2023-35075 HTML injection via channel autocomplete	27 Nov 202309:09	–	cvelist
Github Security Blog	Mattermost Injection vulnerability	27 Nov 202312:30	–	github
NVD	CVE-2023-35075	27 Nov 202310:15	–	nvd
OSV	CGA-3565-8MPC-FM6X	4 Apr 202521:19	–	osv
OSV	CGA-5VX8-CJJV-2M22	15 Jul 202421:53	–	osv
OSV	CGA-82Q4-66W4-PHC4	25 Sep 202402:09	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "178dc820-c318-3299-b455-560da9dbe261",
        "vendor": {
          "name": "Mattermost"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "178dc820-c318-3299-b455-560da9dbe261",
        "product": {
          "name": "Mattermost"
        },
        "product_version": ""
      },
      {
        "id": "2acbc914-464a-30f2-af1f-c2852d2aeb1e",
        "product": {
          "name": "Mattermost"
        },
        "product_version": "0 ≤8.1.3"
      },
      {
        "id": "79725dbb-b4aa-3832-85b7-1a3e42d41fca",
        "product": {
          "name": "Mattermost"
        },
        "product_version": "0 ≤7.8.12"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-35075
github	www.github.com/mattermost/mattermost
mattermost	www.mattermost.com/security-updates

03 Oct 2025 20:07Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.13.1 - 5.4

EPSS0.0051

SSVC