Filtered by vendor Mattermost Subscriptions
Filtered by product Mattermost Server Subscriptions
Total 215 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-11080 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 Medium
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.
CVE-2016-11079 1 Mattermost 1 Mattermost Server 2024-11-21 6.1 Medium
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.
CVE-2016-11078 1 Mattermost 1 Mattermost Server 2024-11-21 6.5 Medium
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.
CVE-2016-11077 1 Mattermost 1 Mattermost Server 2024-11-21 2.7 Low
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.
CVE-2016-11076 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
CVE-2016-11075 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.
CVE-2016-11074 1 Mattermost 1 Mattermost Server 2024-11-21 9.8 Critical
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
CVE-2016-11073 1 Mattermost 1 Mattermost Server 2024-11-21 6.1 Medium
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.
CVE-2016-11072 1 Mattermost 1 Mattermost Server 2024-11-21 6.5 Medium
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.
CVE-2016-11071 1 Mattermost 1 Mattermost Server 2024-11-21 6.1 Medium
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.
CVE-2016-11070 1 Mattermost 1 Mattermost Server 2024-11-21 5.4 Medium
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.
CVE-2016-11069 1 Mattermost 1 Mattermost Server 2024-11-21 7.5 High
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.
CVE-2016-11068 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.
CVE-2016-11067 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
CVE-2016-11066 1 Mattermost 1 Mattermost Server 2024-11-21 7.5 High
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.
CVE-2016-11065 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 Medium
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.
CVE-2016-11063 1 Mattermost 1 Mattermost Server 2024-11-21 6.1 Medium
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.
CVE-2016-11062 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.
CVE-2015-9548 1 Mattermost 1 Mattermost Server 2024-11-21 7.5 High
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
CVE-2024-36250 1 Mattermost 1 Mattermost Server 2024-11-14 3.1 Low
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds