13 matches found
CVE-2024-46934
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload...
CVE-2024-46934
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload...
CVE-2024-46936
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose...
CVE-2024-46936
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose...
Rocket.Chat security vulnerability
Rocket.Chat is a chat program from Rocket.Chat Inc. A security vulnerability exists in Rocket.Chat. An attacker exploiting this vulnerability is able to abuse the UpdateOTRAck method. The following versions are affected: version 6.12.0, version 6.11.2, version 6.10.5, version 6.9.6, version 6.8.6...
Rocket.Chat security vulnerability
Rocket.Chat is a chat program from Rocket.Chat Inc. A security vulnerability exists in Rocket.Chat. An attacker exploiting this vulnerability can abuse the UpdateOTRAck method to send temporary messages. The following versions are affected: version 6.12.0, version 6.11.2, version 6.10.5, version...
CVE-2024-46934
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload...
CVE-2024-46934
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload...
CVE-2024-46936
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose...
CVE-2024-46936
CVE-2024-46936 affects Rocket.Chat versions 6.7.8 through 6.12.0 (and prior) per multiple records. The issue allows message forgery/impersonation by abusing the UpdateOTRAck method to send ephemeral messages as if from any selected user. The common root cause is improper authorization/validation ...
PT-2024-32285 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions 6.12.0 and earlier. Description: The issue is related to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload. Recommendations: For...
CVE-2024-46936
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose...
CVE-2024-46934
CVE-2024-46934 affects Rocket.Chat versions 6.12.0 and earlier. The root cause is a DOM-based Cross-site Scripting (XSS) flaw exploited via the UpdateOTRAck method to forge messages containing an XSS payload. Documented versions across multiple feeds include 6.12.0, 6.11.2, 6.10.5...