Cross-Site Scripting in Mattermost Server by Mattermost
CVE-2016-11084

6.1MEDIUM

Key Information:

Vendor: Mattermost
Status: Mattermost Server
Vendor: CVE Published:; 19 June 2020

What is CVE-2016-11084?

An issue in Mattermost Server versions prior to 2.1.0 enables Cross-Site Scripting through Cross-Site Request Forgery (CSRF). This vulnerability can potentially allow an attacker to execute arbitrary scripts in a user's context, compromising the security of the affected user accounts.

References

https://mattermost.com/security-updates/

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2020
Vulnerability Reserved
Jun 19, 2020