Shodan
Vulnerabilities
Vulnerable Software
Rocket.chat:  Security Vulnerabilities
CVE-2022-21830
A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-04-01
CVE-2020-8291
A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-10-18
CVE-2021-32832
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.
CVSS Score
4.3
EPSS Score
0.01
Published
2021-08-30
CVE-2021-22910
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.
CVSS Score
9.8
EPSS Score
0.018
Published
2021-08-09
CVE-2020-26763
The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-07-05
CVE-2021-22911
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
CVSS Score
9.8
EPSS Score
0.923
Published
2021-05-27
CVE-2021-22892
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.
CVSS Score
7.5
EPSS Score
0.014
Published
2021-05-27
CVE-2021-22886
Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app.
CVSS Score
6.1
EPSS Score
0.008
Published
2021-03-26
CVE-2020-8288
The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-01-26
CVE-2020-8292
Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-01-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved