Lucene search

MitreVULNRICHMENT:CVE-2024-45621

HistorySep 02, 2024 - 12:00 a.m.

CVE-2024-45621

2024-09-0200:00:00

mitre

github.com

rocket.chat

electron

xss

pdf

vulnerability

AI Score

5.7

Confidence

High

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents.

References

github.com/RocketChat/Rocket.Chat/releases/tag/6.3.4

hackerone.com/reports/1967109