CVE-2018-13879
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username.html.
Se ha descubierto un problema de Cross-Site Scripting (XSS) reflejado en el formulario de registro en Rocket.Chat en versiones anteriores a la 0.66. Cuando se crea una cuenta, el siguiente paso solicitarĂ¡ un nombre de usuario. Este campo no guardarĂ¡ los caracteres de control HTML, pero se mostrarĂ¡ un error que muestra el intento de nombre de usuario sin escapar mediante packages/rocketchat-ui-login/client/username/username.js en packages/rocketchat-ui-login/client/username/username.html.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-10 CVE Reserved
- 2018-07-11 CVE Published
- 2024-04-25 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/RocketChat/Rocket.Chat/issues/10795 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rocket.chat Search vendor "Rocket.chat" | Rocket.chat Search vendor "Rocket.chat" for product "Rocket.chat" | < 0.66 Search vendor "Rocket.chat" for product "Rocket.chat" and version " < 0.66" | - |
Affected
| ||||||