11 matches found
SUSE CVE-2025-62190
Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 and Mattermost Calls versions =1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...
GO-2025-4254 Mattermost has CSRF vulnerability via Calls Widget page in github.com/mattermost/mattermost-plugin-calls
Mattermost has CSRF vulnerability via Calls Widget page in github.com/mattermost/mattermost-plugin-calls...
GHSA-GMX5-FRV9-9M9F Mattermost has CSRF vulnerability via Calls Widget page
Mattermost versions 11.0.x 11.0.4, 10.12.x = 10.12.2, 10.11.x 10.11.6 and Mattermost Calls versions 1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious webpa...
Mattermost has CSRF vulnerability via Calls Widget page
Mattermost versions 11.0.x 11.0.4, 10.12.x = 10.12.2, 10.11.x 10.11.6 and Mattermost Calls versions 1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious webpa...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the Calls widget page. An attacker can initiate calls and inject messages into channels or direct messages by tricking an authenticated user into visiting a malicious webpage or clicking a crafted lin...
Cross-site Request Forgery (CSRF)
Overview github.com/mattermost/mattermost-plugin-calls/server is a package that enables voice calling and screen sharing functionality in Mattermost channels Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the Calls widget page. An attacker can initiate cal...
CVE-2025-62190 CSRF Allows Call Initiation and Message Delivery
Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 and Mattermost Calls versions =1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...
EUVD-2025-203892
Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 and Mattermost Calls versions =1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...
CVE-2025-62190 CSRF Allows Call Initiation and Message Delivery
Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 and Mattermost Calls versions =1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a lack of CSRF protection on the Calls widget page, which could lead to an attacker initiating a call and injecting a message into a...
PT-2025-51826
Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 and Mattermost Calls versions =1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...