CVE-2016-11082
https://notcve.org/view.php?id=CVE-2016-11082
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. Se detectó un problema en Mattermost Server versiones anteriores a 2.2.0. Permite un ataque de tipo XSS por medio de un enlace diseñado • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-11081
https://notcve.org/view.php?id=CVE-2016-11081
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. Se detectó un problema en Mattermost Server versiones anteriores a 2.2.0. Permite el acceso no deseado a una información almacenada por un navegador web • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-11080
https://notcve.org/view.php?id=CVE-2016-11080
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Ofrece unas API superfluas para que un administrador del equipo visualice los detalles de la cuenta • https://mattermost.com/security-updates • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2016-11079
https://notcve.org/view.php?id=CVE-2016-11079
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite un ataque de tipo XSS por medio de una URL de redireccionamiento • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-11078
https://notcve.org/view.php?id=CVE-2016-11078
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite potencialmente a atacantes obtener información confidencial (campos de credenciales dentro de config.json) por medio de la Interfaz de Usuario de la consola del sistema • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •