CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-13878

An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.1%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2018-13878

Rocket.chat » Rocket.chat » Version: N/A

cpe:2.3:a:rocket.chat:rocket.chat:-
Rocket.chat » Rocket.chat » Version: 0.10.0

cpe:2.3:a:rocket.chat:rocket.chat:0.10.0
Rocket.chat » Rocket.chat » Version: 0.10.1

cpe:2.3:a:rocket.chat:rocket.chat:0.10.1
Rocket.chat » Rocket.chat » Version: 0.10.2

cpe:2.3:a:rocket.chat:rocket.chat:0.10.2
Rocket.chat » Rocket.chat » Version: 0.11.0

cpe:2.3:a:rocket.chat:rocket.chat:0.11.0
Rocket.chat » Rocket.chat » Version: 0.12.0

cpe:2.3:a:rocket.chat:rocket.chat:0.12.0
Rocket.chat » Rocket.chat » Version: 0.12.1

cpe:2.3:a:rocket.chat:rocket.chat:0.12.1
Rocket.chat » Rocket.chat » Version: 0.13.0

cpe:2.3:a:rocket.chat:rocket.chat:0.13.0
Rocket.chat » Rocket.chat » Version: 0.14.0

cpe:2.3:a:rocket.chat:rocket.chat:0.14.0
Rocket.chat » Rocket.chat » Version: 0.15.0

cpe:2.3:a:rocket.chat:rocket.chat:0.15.0
Rocket.chat » Rocket.chat » Version: 0.16.0

cpe:2.3:a:rocket.chat:rocket.chat:0.16.0
Rocket.chat » Rocket.chat » Version: 0.17.0

cpe:2.3:a:rocket.chat:rocket.chat:0.17.0
Rocket.chat » Rocket.chat » Version: 0.18.0

cpe:2.3:a:rocket.chat:rocket.chat:0.18.0
Rocket.chat » Rocket.chat » Version: 0.18.1

cpe:2.3:a:rocket.chat:rocket.chat:0.18.1
Rocket.chat » Rocket.chat » Version: 0.19.0

cpe:2.3:a:rocket.chat:rocket.chat:0.19.0
Rocket.chat » Rocket.chat » Version: 0.20.0

cpe:2.3:a:rocket.chat:rocket.chat:0.20.0
Rocket.chat » Rocket.chat » Version: 0.21.0

cpe:2.3:a:rocket.chat:rocket.chat:0.21.0
Rocket.chat » Rocket.chat » Version: 0.22.0

cpe:2.3:a:rocket.chat:rocket.chat:0.22.0
Rocket.chat » Rocket.chat » Version: 0.23.0

cpe:2.3:a:rocket.chat:rocket.chat:0.23.0
Rocket.chat » Rocket.chat » Version: 0.24.0

cpe:2.3:a:rocket.chat:rocket.chat:0.24.0
Rocket.chat » Rocket.chat » Version: 0.25.0

cpe:2.3:a:rocket.chat:rocket.chat:0.25.0
Rocket.chat » Rocket.chat » Version: 0.26.0

cpe:2.3:a:rocket.chat:rocket.chat:0.26.0
Rocket.chat » Rocket.chat » Version: 0.27.0

cpe:2.3:a:rocket.chat:rocket.chat:0.27.0
Rocket.chat » Rocket.chat » Version: 0.28.0

cpe:2.3:a:rocket.chat:rocket.chat:0.28.0
Rocket.chat » Rocket.chat » Version: 0.29.0

cpe:2.3:a:rocket.chat:rocket.chat:0.29.0
Rocket.chat » Rocket.chat » Version: 0.30.0

cpe:2.3:a:rocket.chat:rocket.chat:0.30.0
Rocket.chat » Rocket.chat » Version: 0.31.0

cpe:2.3:a:rocket.chat:rocket.chat:0.31.0
Rocket.chat » Rocket.chat » Version: 0.32.0

cpe:2.3:a:rocket.chat:rocket.chat:0.32.0
Rocket.chat » Rocket.chat » Version: 0.33.0

cpe:2.3:a:rocket.chat:rocket.chat:0.33.0
Rocket.chat » Rocket.chat » Version: 0.34.0

cpe:2.3:a:rocket.chat:rocket.chat:0.34.0
Rocket.chat » Rocket.chat » Version: 0.35.0

cpe:2.3:a:rocket.chat:rocket.chat:0.35.0
Rocket.chat » Rocket.chat » Version: 0.36.0

cpe:2.3:a:rocket.chat:rocket.chat:0.36.0
Rocket.chat » Rocket.chat » Version: 0.37.0

cpe:2.3:a:rocket.chat:rocket.chat:0.37.0
Rocket.chat » Rocket.chat » Version: 0.37.1

cpe:2.3:a:rocket.chat:rocket.chat:0.37.1
Rocket.chat » Rocket.chat » Version: 0.38.0

cpe:2.3:a:rocket.chat:rocket.chat:0.38.0
Rocket.chat » Rocket.chat » Version: 0.39.0

cpe:2.3:a:rocket.chat:rocket.chat:0.39.0
Rocket.chat » Rocket.chat » Version: 0.40.0

cpe:2.3:a:rocket.chat:rocket.chat:0.40.0
Rocket.chat » Rocket.chat » Version: 0.40.1

cpe:2.3:a:rocket.chat:rocket.chat:0.40.1
Rocket.chat » Rocket.chat » Version: 0.41.0

cpe:2.3:a:rocket.chat:rocket.chat:0.41.0
Rocket.chat » Rocket.chat » Version: 0.42.0

cpe:2.3:a:rocket.chat:rocket.chat:0.42.0
Rocket.chat » Rocket.chat » Version: 0.43.0

cpe:2.3:a:rocket.chat:rocket.chat:0.43.0
Rocket.chat » Rocket.chat » Version: 0.44.0

cpe:2.3:a:rocket.chat:rocket.chat:0.44.0
Rocket.chat » Rocket.chat » Version: 0.45.0

cpe:2.3:a:rocket.chat:rocket.chat:0.45.0
Rocket.chat » Rocket.chat » Version: 0.46.0

cpe:2.3:a:rocket.chat:rocket.chat:0.46.0
Rocket.chat » Rocket.chat » Version: 0.47.0

cpe:2.3:a:rocket.chat:rocket.chat:0.47.0
Rocket.chat » Rocket.chat » Version: 0.47.1

cpe:2.3:a:rocket.chat:rocket.chat:0.47.1
Rocket.chat » Rocket.chat » Version: 0.48.0

cpe:2.3:a:rocket.chat:rocket.chat:0.48.0
Rocket.chat » Rocket.chat » Version: 0.48.1

cpe:2.3:a:rocket.chat:rocket.chat:0.48.1
Rocket.chat » Rocket.chat » Version: 0.48.2

cpe:2.3:a:rocket.chat:rocket.chat:0.48.2
Rocket.chat » Rocket.chat » Version: 0.49.0

cpe:2.3:a:rocket.chat:rocket.chat:0.49.0
Rocket.chat » Rocket.chat » Version: 0.49.1

cpe:2.3:a:rocket.chat:rocket.chat:0.49.1
Rocket.chat » Rocket.chat » Version: 0.49.2

cpe:2.3:a:rocket.chat:rocket.chat:0.49.2
Rocket.chat » Rocket.chat » Version: 0.49.3

cpe:2.3:a:rocket.chat:rocket.chat:0.49.3
Rocket.chat » Rocket.chat » Version: 0.49.4

cpe:2.3:a:rocket.chat:rocket.chat:0.49.4
Rocket.chat » Rocket.chat » Version: 0.50.0

cpe:2.3:a:rocket.chat:rocket.chat:0.50.0
Rocket.chat » Rocket.chat » Version: 0.50.1

cpe:2.3:a:rocket.chat:rocket.chat:0.50.1
Rocket.chat » Rocket.chat » Version: 0.51.0

cpe:2.3:a:rocket.chat:rocket.chat:0.51.0
Rocket.chat » Rocket.chat » Version: 0.52.0

cpe:2.3:a:rocket.chat:rocket.chat:0.52.0
Rocket.chat » Rocket.chat » Version: 0.53.0

cpe:2.3:a:rocket.chat:rocket.chat:0.53.0
Rocket.chat » Rocket.chat » Version: 0.54.0

cpe:2.3:a:rocket.chat:rocket.chat:0.54.0
Rocket.chat » Rocket.chat » Version: 0.54.1

cpe:2.3:a:rocket.chat:rocket.chat:0.54.1
Rocket.chat » Rocket.chat » Version: 0.54.2

cpe:2.3:a:rocket.chat:rocket.chat:0.54.2
Rocket.chat » Rocket.chat » Version: 0.55.0

cpe:2.3:a:rocket.chat:rocket.chat:0.55.0
Rocket.chat » Rocket.chat » Version: 0.55.1

cpe:2.3:a:rocket.chat:rocket.chat:0.55.1
Rocket.chat » Rocket.chat » Version: 0.56.0

cpe:2.3:a:rocket.chat:rocket.chat:0.56.0
Rocket.chat » Rocket.chat » Version: 0.57.0

cpe:2.3:a:rocket.chat:rocket.chat:0.57.0
Rocket.chat » Rocket.chat » Version: 0.57.1

cpe:2.3:a:rocket.chat:rocket.chat:0.57.1
Rocket.chat » Rocket.chat » Version: 0.57.2

cpe:2.3:a:rocket.chat:rocket.chat:0.57.2
Rocket.chat » Rocket.chat » Version: 0.57.3

cpe:2.3:a:rocket.chat:rocket.chat:0.57.3
Rocket.chat » Rocket.chat » Version: 0.57.4

cpe:2.3:a:rocket.chat:rocket.chat:0.57.4
Rocket.chat » Rocket.chat » Version: 0.58.0

cpe:2.3:a:rocket.chat:rocket.chat:0.58.0
Rocket.chat » Rocket.chat » Version: 0.58.1

cpe:2.3:a:rocket.chat:rocket.chat:0.58.1
Rocket.chat » Rocket.chat » Version: 0.58.2

cpe:2.3:a:rocket.chat:rocket.chat:0.58.2
Rocket.chat » Rocket.chat » Version: 0.58.3

cpe:2.3:a:rocket.chat:rocket.chat:0.58.3
Rocket.chat » Rocket.chat » Version: 0.58.4

cpe:2.3:a:rocket.chat:rocket.chat:0.58.4
Rocket.chat » Rocket.chat » Version: 0.59.0

cpe:2.3:a:rocket.chat:rocket.chat:0.59.0
Rocket.chat » Rocket.chat » Version: 0.59.1

cpe:2.3:a:rocket.chat:rocket.chat:0.59.1
Rocket.chat » Rocket.chat » Version: 0.59.2

cpe:2.3:a:rocket.chat:rocket.chat:0.59.2
Rocket.chat » Rocket.chat » Version: 0.59.3

cpe:2.3:a:rocket.chat:rocket.chat:0.59.3
Rocket.chat » Rocket.chat » Version: 0.59.4

cpe:2.3:a:rocket.chat:rocket.chat:0.59.4
Rocket.chat » Rocket.chat » Version: 0.59.5

cpe:2.3:a:rocket.chat:rocket.chat:0.59.5
Rocket.chat » Rocket.chat » Version: 0.59.6

cpe:2.3:a:rocket.chat:rocket.chat:0.59.6
Rocket.chat » Rocket.chat » Version: 0.60.0

cpe:2.3:a:rocket.chat:rocket.chat:0.60.0
Rocket.chat » Rocket.chat » Version: 0.60.1

cpe:2.3:a:rocket.chat:rocket.chat:0.60.1
Rocket.chat » Rocket.chat » Version: 0.60.2

cpe:2.3:a:rocket.chat:rocket.chat:0.60.2
Rocket.chat » Rocket.chat » Version: 0.60.3

cpe:2.3:a:rocket.chat:rocket.chat:0.60.3
Rocket.chat » Rocket.chat » Version: 0.60.4

cpe:2.3:a:rocket.chat:rocket.chat:0.60.4
Rocket.chat » Rocket.chat » Version: 0.61.0

cpe:2.3:a:rocket.chat:rocket.chat:0.61.0
Rocket.chat » Rocket.chat » Version: 0.61.1

cpe:2.3:a:rocket.chat:rocket.chat:0.61.1
Rocket.chat » Rocket.chat » Version: 0.61.2

cpe:2.3:a:rocket.chat:rocket.chat:0.61.2
Rocket.chat » Rocket.chat » Version: 0.62.0

cpe:2.3:a:rocket.chat:rocket.chat:0.62.0
Rocket.chat » Rocket.chat » Version: 0.62.1

cpe:2.3:a:rocket.chat:rocket.chat:0.62.1
Rocket.chat » Rocket.chat » Version: 0.62.2

cpe:2.3:a:rocket.chat:rocket.chat:0.62.2
Rocket.chat » Rocket.chat » Version: 0.63.0

cpe:2.3:a:rocket.chat:rocket.chat:0.63.0
Rocket.chat » Rocket.chat » Version: 0.63.1

cpe:2.3:a:rocket.chat:rocket.chat:0.63.1
Rocket.chat » Rocket.chat » Version: 0.63.2

cpe:2.3:a:rocket.chat:rocket.chat:0.63.2
Rocket.chat » Rocket.chat » Version: 0.63.3

cpe:2.3:a:rocket.chat:rocket.chat:0.63.3
Rocket.chat » Rocket.chat » Version: 0.64.0

cpe:2.3:a:rocket.chat:rocket.chat:0.64.0
Rocket.chat » Rocket.chat » Version: 0.64.1

cpe:2.3:a:rocket.chat:rocket.chat:0.64.1
Rocket.chat » Rocket.chat » Version: 0.64.2

cpe:2.3:a:rocket.chat:rocket.chat:0.64.2
Rocket.chat » Rocket.chat » Version: 0.8.0

cpe:2.3:a:rocket.chat:rocket.chat:0.8.0
Rocket.chat » Rocket.chat » Version: 0.9.0

cpe:2.3:a:rocket.chat:rocket.chat:0.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-13878

Products

Pricing

Contact Us