Rocket.Chat 跨站脚本漏洞

Rocket.Chat is an open source team chat software. Chat suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the chat window, which can be exploited by an attacker to manipulate its style, block functionality, and...

Rocket.Chat: Persistent CSS injection with ’marked’ markdown parser in Rocket.Chat

Summary: Rocket.Chat offers two different markdown parsers out of the box: the ’orginal’ one and the ’marked’ one. Both markdown parsers offer a different set of features with different re- strictions. Due to more loose restrictions in the ’marked’ parser, a persistent CSS injection in the web...