MEDIUM 6.1 Go
Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution
GHSA-rm24-25xm-9454 · CVE-2016-11083 · GO-2025-4065
Published · Modified
Description
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.
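The bug class described above, as an added Go example that is not Mattermost's code: `serveUpload`, `headersFor`, and the `inlineSafe` allow-list are hypothetical names, and the `harden=false` branch is a simplified model of serving uploads for inline display. The hardened branch forces anything outside the allow-list to download as opaque bytes and disables content sniffing.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
)

// Types this example allows to render inline (an assumed allow-list).
var inlineSafe = map[string]bool{"image/png": true, "image/jpeg": true, "image/gif": true}

// serveUpload writes an uploaded file to w (hypothetical helper).
// harden=false models the bug class: active content renders in the app's origin.
func serveUpload(w http.ResponseWriter, name string, body []byte, harden bool) {
	ctype := http.DetectContentType(body)
	disp := "inline"
	if harden {
		media, _, err := mime.ParseMediaType(ctype)
		if err != nil || !inlineSafe[media] {
			// Anything not on the allow-list is forced to download as opaque bytes.
			ctype, disp = "application/octet-stream", "attachment"
		}
		w.Header().Set("X-Content-Type-Options", "nosniff")
		w.Header().Set("Content-Security-Policy", "default-src 'none'; sandbox")
	}
	w.Header().Set("Content-Type", ctype)
	w.Header().Set("Content-Disposition", mime.FormatMediaType(disp, map[string]string{"filename": name}))
	w.Write(body)
}

// headersFor runs serveUpload against a recorder and returns the response headers.
func headersFor(name string, body []byte, harden bool) http.Header {
	rec := httptest.NewRecorder()
	serveUpload(rec, name, body, harden)
	return rec.Result().Header
}

func main() {
	// Constructed sample upload: an HTML file with benign placeholder content.
	html := []byte("<!DOCTYPE html><html><body>placeholder</body></html>")
	for _, harden := range []bool{false, true} {
		h := headersFor("notes.html", html, harden)
		fmt.Printf("harden=%v type=%q disposition=%q\n", harden, h.Get("Content-Type"), h.Get("Content-Disposition"))
	}
}
```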