XSS Vulnerability in Mattermost Server Affecting Versions Prior to 3.0.0
CVE-2016-11073

6.1MEDIUM

Key Information:

Vendor: Mattermost
Status: Mattermost Server
Vendor: CVE Published:; 19 June 2020

Summary

A Cross-Site Scripting (XSS) vulnerability has been identified in Mattermost Server versions prior to 3.0.0. This issue allows for the execution of malicious scripts through exploitation of the Legal or Support setting in the platform. If successfully executed, attackers can potentially manipulate user sessions or steal sensitive data, significantly compromising user security. Users are advised to upgrade to the latest version to mitigate this risk.

References

https://mattermost.com/security-updates/

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 19, 2020
Vulnerability Reserved
Jun 19, 2020