Shodan
Vulnerabilities
Vulnerable Software
Mattermost:  >> Mattermost Server  Security Vulnerabilities
CVE-2021-37863
Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post.
CVSS Score
3.5
EPSS Score
0.006
Published
2021-12-17
CVE-2016-11084
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-06-19
CVE-2017-18905
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18906
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.
CVSS Score
8.1
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18907
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18908
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18913
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18914
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
CVE-2017-18915
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-19
CVE-2017-18916
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved