CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11071
https://notcve.org/view.php?id=CVE-2016-11071
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. Se detectó un problema en Mattermost Server versiones anteriores a 3.1.0. Permite un ataque de tipo XSS porque los mecanismos de protección noreferrer y noopener no estaban en su lugar • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11070
https://notcve.org/view.php?id=CVE-2016-11070
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. Se detectó un problema en Mattermost Server versiones anteriores a 3.1.0. Permite un ataque de tipo XSS por medio de valores de código de color del tema • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11069
https://notcve.org/view.php?id=CVE-2016-11069
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. Se detectó un problema en Mattermost Server versiones anteriores a 3.2.0. Maneja inapropiadamente los intentos de fuerza bruta en el cambio de contraseña • https://mattermost.com/security-updates • CWE-521: Weak Password Requirements •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11068
https://notcve.org/view.php?id=CVE-2016-11068
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection. Se detectó un problema en Mattermost Server versiones anteriores a 3.2.0. Los atacantes podían leer los campos LDAP mediante inyección • https://mattermost.com/security-updates • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-11067
https://notcve.org/view.php?id=CVE-2016-11067
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang. Se detectó un problema en Mattermost Server versiones anteriores a 3.2.0. Permitió publicaciones diseñadas que podrían hacer que un navegador web se bloquee • https://mattermost.com/security-updates • CWE-20: Improper Input Validation •