An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.
CPE | Name | Operator | Version |
---|---|---|---|
mattermost-server | eq | 4.2.0 | |
mattermost-server | eq | 4.2.0-rc4 |