Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks against the users of the Mattermost server.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates |
History
Fri, 13 Dec 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost
Mattermost mattermost Server |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mattermost
Mattermost mattermost Server |
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-03-15T09:19:50.127Z
Updated: 2024-08-01T19:11:53.602Z
Reserved: 2024-03-14T11:40:19.218Z
Link: CVE-2024-2445
Vulnrichment
Updated: 2024-08-01T19:11:53.602Z
NVD
Status : Analyzed
Published: 2024-03-15T10:15:07.923
Modified: 2024-12-13T17:15:49.207
Link: CVE-2024-2445
Redhat
No data.