Filtered by vendor Rocketchat Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-1000054 1 Rocketchat 1 Rocket.chat 2024-11-21 N/A
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.
CVE-2024-42027 1 Rocketchat 1 Rocket.chat 2024-10-07 6.7 Medium
The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.
CVE-2024-46936 1 Rocketchat 1 Rocket.chat 2024-09-26 7.5 High
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose.