CVE-2016-11084
https://notcve.org/view.php?id=CVE-2016-11084
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. Se detectó un problema en Mattermost Server versiones anteriores a 2.1.0. Permite un ataque de tipo XSS por medio de un problema tipo CSRF • https://mattermost.com/security-updates • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2016-11083
https://notcve.org/view.php?id=CVE-2016-11083
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. Se detectó un problema en Mattermost Server versiones anteriores a 2.2.0. Permite un ataque de tipo XSS porque configura archivos para que sean abiertos en una ventana del navegador • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-11082
https://notcve.org/view.php?id=CVE-2016-11082
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. Se detectó un problema en Mattermost Server versiones anteriores a 2.2.0. Permite un ataque de tipo XSS por medio de un enlace diseñado • https://mattermost.com/security-updates • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-11081
https://notcve.org/view.php?id=CVE-2016-11081
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. Se detectó un problema en Mattermost Server versiones anteriores a 2.2.0. Permite el acceso no deseado a una información almacenada por un navegador web • https://mattermost.com/security-updates • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-11080
https://notcve.org/view.php?id=CVE-2016-11080
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. Se detectó un problema en Mattermost Server versiones anteriores a 3.0.0. Ofrece unas API superfluas para que un administrador del equipo visualice los detalles de la cuenta • https://mattermost.com/security-updates • CWE-732: Incorrect Permission Assignment for Critical Resource •