Mattermost: >> Mattermost Server Security Vulnerabilities
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-06-19
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-19