Page 13 of 199 results (0.014 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. Se detectó un problema en Mattermost Server versiones anteriores a 2.2.0. Permite un ataque de tipo XSS por medio de un enlace diseñado • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. Se detectó un problema en Mattermost Server versiones anteriores a 2.2.0. Permite el acceso no deseado a una información almacenada por un navegador web • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Ofrece unas API superfluas para que un administrador del equipo visualice los detalles de la cuenta • https://mattermost.com/security-updates • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite un ataque de tipo XSS por medio de una URL de redireccionamiento • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Permite potencialmente a atacantes obtener información confidencial (campos de credenciales dentro de config.json) por medio de la Interfaz de Usuario de la consola del sistema • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •