Filtered by vendor Mattermost
Subscriptions
Filtered by product Mattermost Server
Subscriptions
Total
206 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-11084 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. | ||||
| CVE-2016-11070 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 5.4 Medium |
| An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. | ||||
| CVE-2016-11079 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. | ||||
| CVE-2016-11063 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview. | ||||
| CVE-2016-11066 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 7.5 High |
| An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information. | ||||
| CVE-2016-11067 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang. | ||||
| CVE-2016-11062 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. | ||||
| CVE-2016-11072 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 6.5 Medium |
| An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. | ||||
| CVE-2016-11082 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. | ||||
| CVE-2016-11074 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 9.8 Critical |
| An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. | ||||
| CVE-2016-11075 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. | ||||
| CVE-2016-11069 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 7.5 High |
| An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. | ||||
| CVE-2016-11065 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance. | ||||
| CVE-2016-11068 | 1 Mattermost | 1 Mattermost Server | 2024-08-06 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection. | ||||
| CVE-2017-18921 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page. | ||||
| CVE-2017-18920 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 9.8 Critical |
| An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy. | ||||
| CVE-2017-18914 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. | ||||
| CVE-2017-18879 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment. | ||||
| CVE-2017-18919 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation. | ||||
| CVE-2017-18892 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized. | ||||