CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2021-22886
https://notcve.org/view.php?id=CVE-2021-22886
Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app. Rocket.Chat versiones anteriores a 3.11, 3.10.5, 3.9.7, 3.8.8, es vulnerable a ataques de tipo cross-site scripting (XSS) persistente que usan etiquetas markdown anidadas que permiten a un atacante remoto inyectar JavaScript arbitrario en un mensaje. Este fallo conlleva a una lectura de archivos arbitraria y una RCE en la aplicación de escritorio Rocket.Chat. • https://docs.rocket.chat/guides/security/security-updates https://github.com/RocketChat/Rocket.Chat/pull/20430 https://hackerone.com/reports/1014459 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8292
https://notcve.org/view.php?id=CVE-2020-8292
Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes. Un servidor Rocket.Chat versiones anteriores a 3.9.0, es susceptible a una vulnerabilidad de tipo cross-site scripting (XSS) propio por medio de la funcionalidad drag & drop en los cuadros de mensaje • https://docs.rocket.chat/guides/security/security-updates https://hackerone.com/reports/962902 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8288
https://notcve.org/view.php?id=CVE-2020-8288
The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter. La función "SpecialtyRendering" en el servidor Rocket.Chat versiones anteriores a 3.9.2, permite una vulnerabilidad de tipo cross-site scripting (XSS) mediante el parámetro "value" • https://docs.rocket.chat/guides/security/security-updates https://hackerone.com/reports/899954 https://rocket.chat/xss-vulnerability-hotfix-available-for-all-affected-versions • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 6CVE-2020-28208 – Rocket.Chat 3.7.1 Email Address Enumeration
https://notcve.org/view.php?id=CVE-2020-28208
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1. Se presenta una vulnerabilidad de enumeración de direcciones de correo electrónico en la función password reset de Rocket.Chat versiones hasta 3.9.1 Rocket.Chat versions 3.7.1 and below suffers from an email address enumeration vulnerability. • http://packetstormsecurity.com/files/160845/Rocket.Chat-3.7.1-Email-Address-Enumeration.html http://seclists.org/fulldisclosure/2021/Jan/32 http://seclists.org/fulldisclosure/2021/Jan/43 http://www.openwall.com/lists/oss-security/2021/01/07/1 http://www.openwall.com/lists/oss-security/2021/01/08/1 http://www.openwall.com/lists/oss-security/2021/01/13/1 https://trovent.github.io/security-advisories/TRSA-2010-01/TRSA-2010-01.txt https://trovent.io/security-advisory-201 • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-29594
https://notcve.org/view.php?id=CVE-2020-29594
Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. Rocket.Chat versiones anteriores a 0.74.4, versiones 1.x anteriores a 1.3.4, versiones 2.x anteriores a 2.4.13, versiones 3.x anteriores a 3.7.3, versiones 3.8.x anteriores a 3.8.3 y versiones 3.9.x anteriores a 3.9.1, maneja inapropiadamente el inicio de sesión de SAML. • https://github.com/RocketChat/Rocket.Chat/compare/3.8.2...3.8.3 https://github.com/RocketChat/Rocket.Chat/releases/tag/3.9.1 •