[RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection

January 19, 2017 007admin

Posted by Julien Ahrens on Jan 19

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Mattermost
Vendor URL: www.mattermost.org
Type: Cross-Site Scripting [CWE-79]
Date found: 02/12/2016
Date published: 16/01/2017
CVSSv3 Score: 4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
CVE: –

2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE…

007 Software

[RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection

Software and Security Information