Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.
History

Fri, 06 Dec 2024 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2022-03-18T18:00:22

Updated: 2024-12-06T23:10:17.690Z

Reserved: 2022-03-17T00:00:00

Link: CVE-2022-1002

cve-icon Vulnrichment

Updated: 2024-08-02T23:47:42.975Z

cve-icon NVD

Status : Modified

Published: 2022-03-18T18:15:12.067

Modified: 2024-11-21T06:39:50.143

Link: CVE-2022-1002

cve-icon Redhat

No data.