Vulnerability Details CVE-2025-13523
Mattermost Confluence plugin versions before 1.7.0 fail to escape user-controlled display names when rendering an HTML template. An authenticated Confluence user who sets a malicious display name can send a victim a specially crafted OAuth2 connection link; when the victim visits it, the page renders the attacker's display name without sanitization and the embedded JavaScript executes in the victim's browser (cross-site scripting).
Mattermost Advisory ID: MMSA-2025-00557
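The bug class described above, as an added illustration that is not the plugin's own code: a Go page template that interpolates a display name. The template markup, the data type and the attacker's display name are constructed for the example. Rendering through text/template (or equivalently string concatenation) leaves the name verbatim, while html/template applies context-aware escaping so the injected element is inert.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
	texttemplate "text/template"
)

// Constructed attacker-controlled display name (not from the advisory):
// a Confluence user can choose an arbitrary string as their display name.
const MaliciousDisplayName = `Alice<script>alert(document.cookie)</script>`

// Hypothetical page markup standing in for the "connected as <name>" page a
// plugin might render after the OAuth2 flow completes.
const page = `<html><body><p>Connected to Confluence as {{.DisplayName}}</p></body></html>`

type pageData struct{ DisplayName string }

// RenderUnsafe reproduces the vulnerable pattern: text/template does no
// contextual escaping, so the display name reaches the browser unchanged.
func RenderUnsafe(name string) (string, error) {
	t, err := texttemplate.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, pageData{DisplayName: name}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// RenderSafe is the hardened form: html/template escapes the value for the
// HTML text context it lands in, turning '<' and '>' into entities.
func RenderSafe(name string) (string, error) {
	t, err := template.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, pageData{DisplayName: name}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// ContainsRawScript is the check a reviewer would run on rendered output:
// does an executable <script> open tag survive into the page?
func ContainsRawScript(html string) bool {
	return strings.Contains(html, "<script>")
}

func main() {
	unsafe, err := RenderUnsafe(MaliciousDisplayName)
	if err != nil {
		panic(err)
	}
	safe, err := RenderSafe(MaliciousDisplayName)
	if err != nil {
		panic(err)
	}
	fmt.Printf("text/template : script present=%v\n%s\n\n", ContainsRawScript(unsafe), unsafe)
	fmt.Printf("html/template : script present=%v\n%s\n", ContainsRawScript(safe), safe)
}
```

Switching the template package only helps if the page is actually produced by a template; code that builds HTML with fmt.Sprintf or string concatenation needs html.EscapeString applied to every user-controlled value, and a value placed inside an attribute or a script block needs escaping for that context rather than the text context shown here.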
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.1%
CVSS Severity
CVSS v3 Score 7.7
Products affected by CVE-2025-13523
- cpe:2.3:a:mattermost:confluence:*