2 matches found
CVE-2020-8292
Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting XSS vulnerability via the drag & drop functionality in message boxes...
Code injection
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service memory error or possibly have unspecified other impact via vectors related to the "drag + drop" functionality...