CVE-2017-1000054
Rocket.Chat 0.8.0 and newer is affected by an XSS in the markdown link parsing code for messages. The vulnerability enables injection of arbitrary JavaScript into a victim’s browser, with potential token/session theft and unauthorized actions if a user views the affected content. Multiple sources...