0.001 Low
EPSS
Percentile
43.1%
Persistent XSS flaw using nested markdown tags allows remote attacker to inject arbitrary JavaScript to message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app. Patched on 3.11, 3.10.5, 3.9.7, 3.8.8.