Mattermost Server does not neutralize HTML content in an Email template field

GHSA-wj5w-qghh-gvqp · CVE-2017-18892 · GO-2026-4317

Published May 24, 2022 · Modified Feb 3, 2026

Description

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-18892
WEB https://github.com/mattermost/mattermost/commit/4e05fbffed4d7ad75c0bb55d67d2c6f7cf9eaad6
WEB https://github.com/mattermost/mattermost/commit/d76946bdb545aba4088943fc523dabb459d22873
WEB https://github.com/mattermost/mattermost/commit/f5167f3ba645b829f4c28530e13be6c3db967255
PACKAGE https://github.com/mattermost/mattermost
WEB https://mattermost.com/security-updates

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes