Rocket.Chat Cross-Site Scripting Vulnerability (CNVD-2022-70579)

Rocket.Chat is an open source team chat software. Chat suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the chat window, which can be exploited by an attacker to manipulate its style, block functionality, and...

Cross site scripting

A cross-site scripting vulnerability exists in Rocket.chat v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are...