25 matches found
SUSE CVE-2017-18898
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang...
CVE-2017-18898
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang...
CVE-2025-13352
Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...
Improper Validation of Specified Type of Input
Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to the improper validation of plugin bot identity. An attacker can cause users to add reactions to arbitrary GitHub objects by sending crafted notification posts. Remediation: Upgrade...
CVE-2025-13352 Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking
Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...
SUSE CVE-2016-11067
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang...
EUVD-2016-2056
Malware in sbrugna...
EUVD-2017-9988
Malware in sbrugna...
CVE-2024-54083
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side webapp and mobile DoS to users of particular channels, by sending a specially crafted post...
CVE-2016-11067
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang...
SUSE CVE-2025-41395
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of servi...
CVE-2025-41395
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of servi...
PT-2024-21966 · Unknown · Genesis Blocks
Name of the Vulnerable Software and Affected Versions: Genesis Blocks versions prior to 3.1.3 Description: The issue allows attackers to conduct Stored XSS attacks by exploiting improperly escaped data input in some of the plugin's blocks, potentially enabling them to create admin accounts via...
DEBIAN-CVE-2021-26263
Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents...
UBUNTU-CVE-2021-26263
Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents...
Mattermost Server is vulnerable to DoS through maliciously crafted posts
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang...
GHSA-9589-MQ83-F749 Mattermost Server is vulnerable to DoS through maliciously crafted posts
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang...
Mattermost Server is vulnerable to Uncontrolled Resource Consumption
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang...
GHSA-FFCC-QR2V-3QMV Mattermost Server is vulnerable to Uncontrolled Resource Consumption
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang...