Page 3 of 11 results (0.003 seconds)
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-6458 – Client side path traversal due to lack of route parameters validation
https://notcve.org/view.php?id=CVE-2023-6458
Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal. La aplicación web Mattermost no puede validar los parámetros de ruta en//channels/, lo que permite a un atacante realizar un path traversal del lado del cliente. • https://mattermost.com/security-updates • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •