CVE-2020-8292
CVE-2020-8292 affects Rocket.Chat server prior to 3.9.0, vulnerable to a self‑XSS via the drag-and-drop in message boxes. The issue is described across multiple sources as a client‑side XSS that can be triggered by a user action, with potential for session-related impact (per HackerOne report) if...