Lucene search

MitreVULNRICHMENT:CVE-2024-46934

HistorySep 24, 2024 - 12:00 a.m.

CVE-2024-46934

2024-09-2400:00:00

mitre

github.com

rocket.chat

dom-based cross-site scripting

xss

cve-2024-46934

updateotrack

message forgery

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

17.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload.

References

docs.rocket.chat/docs/rocketchat-security-fixes-updates-and-advisories

github.com/RocketChat/Rocket.Chat/pull/33246