Vulnerabilities for 'Rocket.chat'
2021-10-18
CVE-2020-8291
CWE-79
A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks.
2021-08-09
CVE-2021-22910
CWE-74
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.
2021-07-05
CVE-2020-26763
NVD-CWE-noinfo
The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.
2021-03-26
CVE-2021-22886
CWE-79
Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app.
2021-01-26
CVE-2020-8292
CWE-79
Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes.
CVE-2020-8288
CWE-79
The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.
2021-01-08
CVE-2020-28208
CWE-203
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.
2020-12-30
CVE-2020-29594
NVD-CWE-noinfo
Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login.
2020-08-18
CVE-2020-15926
CWE-79
Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side.
2018-01-02
CVE-2017-1000493
CWE-74
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover.
Copyright 2024, cxsecurity.com