Cross-Site Scripting in Mattermost Server Pre-2.2.0
CVE-2016-11082

6.1MEDIUM

Key Information:

Vendor
Mattermost
Vendor
CVE Published:
19 June 2020

Summary

A vulnerability has been found in Mattermost Server versions prior to 2.2.0 that allows attackers to execute cross-site scripting (XSS) through crafted links. This flaw enables malicious users to potentially manipulate webpage content, leading to unauthorized access or data theft. Users are strongly advised to upgrade to the latest version to mitigate risks associated with this vulnerability.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.