Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.
6.1CVSS
6AI Score
0.001EPSS
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.
6.5CVSS
6.3AI Score
0.003EPSS