Cross-Site Scripting Vulnerability in Mattermost Server
CVE-2016-11079

6.1MEDIUM

Key Information:

Vendor: Mattermost
Status: Mattermost Server
Vendor: CVE Published:; 19 June 2020

Summary

A vulnerability has been identified in Mattermost Server prior to version 3.0.0, which allows attackers to exploit cross-site scripting (XSS) through a manipulated redirect URL. This flaw can lead to unauthorized access and manipulation of user data, posing significant security risks. Users of affected versions are advised to apply the latest security updates to mitigate potential attacks.

References

https://mattermost.com/security-updates/

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 19, 2020
Vulnerability Reserved
Jun 19, 2020