MEDIUM 6.1 Go
Mattermost Server is vulnerable to XSS through display name field
GHSA-887v-xh2x-47cm · CVE-2017-18893 · GO-2026-4296
Published · Modified
Description
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-18893
- WEB https://github.com/mattermost/mattermost/commit/2a4d88d07c5815deac103e109550d25338507151
- WEB https://github.com/mattermost/mattermost/commit/670bfbf62686ebe9f2ab332733d851a62b6950b0
- WEB https://github.com/mattermost/mattermost/commit/d0b42b9e527e93a61fd06a9b9106fc97067807e4
- PACKAGE https://github.com/mattermost/mattermost
- WEB https://mattermost.com/security-updates