Lucene search

MitreVULNRICHMENT:CVE-2024-47048

HistorySep 24, 2024 - 12:00 a.m.

CVE-2024-47048

2024-09-2400:00:00

mitre

github.com

rocket.chat

stored xss

marketplace

private apps

security vulnerability

cve-2024-47048

AI Score

5.9

Confidence

High

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps.

References

docs.rocket.chat/docs/rocketchat-security-fixes-updates-and-advisories

github.com/RocketChat/Rocket.Chat/pull/33246