2 matches found
CVE-2022-1002 HTML Injection while inviting Guests
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations...
CVE-2022-0708 Team Creator's Email Address is disclosed to Team Members via one of the APIs
Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure...