Description
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2016-2060 | An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. |
Github GHSA |
GHSA-h3qg-w9j5-wh3m | Mattermost Server is vulnerable to XSS through lack of link relationship attributes `noreferrer` and `noopener` |
References
| Link | Providers |
|---|---|
| https://mattermost.com/security-updates/ |
|
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T03:47:34.901Z
Reserved: 2020-06-19T00:00:00.000Z
Link: CVE-2016-11071
No data.
Status : Modified
Published: 2020-06-19T20:15:11.273
Modified: 2026-06-17T00:40:56.490
Link: CVE-2016-11071
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD
Github GHSA