Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.
Metrics
Affected Vendors & Products
References
History
Fri, 06 Dec 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2022-03-18T18:00:22
Updated: 2024-12-06T23:10:17.690Z
Reserved: 2022-03-17T00:00:00
Link: CVE-2022-1002
Vulnrichment
Updated: 2024-08-02T23:47:42.975Z
NVD
Status : Modified
Published: 2022-03-18T18:15:12.067
Modified: 2024-11-21T06:39:50.143
Link: CVE-2022-1002
Redhat
No data.