Rocket.chat: >> Rocket.chat >> 3.10.3 Security Vulnerabilities
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.
CVSS Score
7.5
EPSS Score
0.009
Published
2021-05-27
Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app.
CVSS Score
6.1
EPSS Score
0.006
Published
2021-03-26
Page 4