Lucene search
HistorySep 25, 2024 - 1:15 a.m.
CVE-2024-46934
rocket.chat
6.12.0
vulnerability
dom-based xss
attackers
updateotrack method
message forgery
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload.
Affected configurations
Node
rocket.chatrocket.chatRange<6.7.9
ORrocket.chatrocket.chatRange6.8.0–6.8.7
ORrocket.chatrocket.chatRange6.9.0–6.9.7
ORrocket.chatrocket.chatRange6.10.0–6.10.6
ORrocket.chatrocket.chatRange6.11.0–6.11.3
ORrocket.chatrocket.chatMatch6.12.0-
ORrocket.chatrocket.chatMatch6.12.0rc1
ORrocket.chatrocket.chatMatch6.12.0rc2
ORrocket.chatrocket.chatMatch6.12.0rc3
ORrocket.chatrocket.chatMatch6.12.0rc4
ORrocket.chatrocket.chatMatch6.12.0rc5
ORrocket.chatrocket.chatMatch6.12.0rc6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rocket.chat | rocket.chat | * | cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:* |
| rocket.chat | rocket.chat | 6.12.0 | cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:-:*:*:*:*:*:* |
| rocket.chat | rocket.chat | 6.12.0 | cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:rc1:*:*:*:*:*:* |
| rocket.chat | rocket.chat | 6.12.0 | cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:rc2:*:*:*:*:*:* |
| rocket.chat | rocket.chat | 6.12.0 | cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:rc3:*:*:*:*:*:* |
| rocket.chat | rocket.chat | 6.12.0 | cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:rc4:*:*:*:*:*:* |
| rocket.chat | rocket.chat | 6.12.0 | cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:rc5:*:*:*:*:*:* |
| rocket.chat | rocket.chat | 6.12.0 | cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:rc6:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2024-46934
2024-09-24 00:00:00
vulnrichment
vulnrichment
CVE-2024-46934
2024-09-24 00:00:00
osv
osv
CVE-2024-46934
2024-09-25 01:15:44
cve
cve
CVE-2024-46934
2024-09-25 01:15:44
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.7%
Related for NVD:CVE-2024-46934