{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2017-05-06T00:00:00.000Z", "datePublic": "2017-07-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-13T19:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.theblazehen.com/posts/CVE-2017-xxxxxx-rocketchat-xss-with-markdown-url-handling-in-messages/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-05-06T20:43:28.303962", "ID": "CVE-2017-1000054", "REQUESTER": "theblazehen@theblazehen.com", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.theblazehen.com/posts/CVE-2017-xxxxxx-rocketchat-xss-with-markdown-url-handling-in-messages/", "refsource": "MISC", "url": "https://www.theblazehen.com/posts/CVE-2017-xxxxxx-rocketchat-xss-with-markdown-url-handling-in-messages/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:53:06.211Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.theblazehen.com/posts/CVE-2017-xxxxxx-rocketchat-xss-with-markdown-url-handling-in-messages/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000054", "datePublished": "2017-07-13T20:00:00.000Z", "dateReserved": "2017-07-10T00:00:00.000Z", "dateUpdated": "2024-08-05T21:53:06.211Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF613F17-D4DA-47C2-92B9-A03762409266", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B1F5D57-8DE5-4007-BB4B-BCF7712704E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CA12B02-8256-478E-8979-085033689C26", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A13209C-A0DE-4933-8F75-E5E552B0D911", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A09462FD-7DA0-4F39-8CE4-83FE4CDDC56F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A3CB778-9518-4BE2-A7DF-E31CADF72D93", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "5BDB79A5-D83C-4F17-BD74-5CF7EF394FDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "1CFB2D52-5E32-4962-B999-FD878D3EACDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E057DD1-5A2C-48D7-B0EE-610AFEC5D977", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A405C9F-A862-4A65-820B-5464501C14B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C4136EB-315F-42C9-BBFB-CABC9D6BC4F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "4F9F418B-9BF7-43D5-A971-0DF847DF7277", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "605DE665-18E6-4E77-9E21-6ACE13715747", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E51EDED-8576-4D30-A65B-5B6570E09902", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E6002C4-B504-4734-8991-ACCC98004322", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFD2FFFD-8CAF-4EEB-A8C1-F91E6D6FBA54", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4292722-2628-40A8-AB1F-B9651561BF96", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.21.0:*:*:*:*:*:*:*", "matchCriteriaId": "56B1C015-BB14-4FF7-920A-95FD19791EE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "6398A7AA-31F4-4F3E-A9BC-192A7BAF1290", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A97AD43-7079-450A-B63A-047D969F0FA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA5017E5-E028-4C41-87EE-D7E4253DD75F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.25.0:*:*:*:*:*:*:*", "matchCriteriaId": "022F782A-4CF6-4DE2-92A2-402CABEBA855", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "23F9A7ED-C75F-4E73-8ACE-5A1CFD08576A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.27.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF0FD7DD-6957-4DED-B454-A2C8097E21EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "019CCA80-45D0-4583-9ED5-1226E6A599C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.29.0:*:*:*:*:*:*:*", "matchCriteriaId": "48CDC0BF-EDEC-4791-8044-2ADB6F55F16A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.30.0:*:*:*:*:*:*:*", "matchCriteriaId": "EBFC2DE9-0173-4832-B70C-935CF76C9246", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3620536-7C42-404C-B700-54ACA911C322", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.32.0:*:*:*:*:*:*:*", "matchCriteriaId": "43928E9D-27A9-4885-8674-C96F71A7C6E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.33.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E215C8-8F24-4C3A-9A87-171D193399F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B297B25-8EA9-4F71-A95D-2881C013F687", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "50D4D2A8-3F4D-4BC0-8207-7FDDB03234D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.36.0:*:*:*:*:*:*:*", "matchCriteriaId": "17E40487-EED3-4E63-AC5B-21A20150E5DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.37.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3E6B455-7374-428C-9A8C-1396E030A69C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.37.1:*:*:*:*:*:*:*", "matchCriteriaId": "E024BC91-C485-4AF7-A493-7E45C6C041A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.38.0:*:*:*:*:*:*:*", "matchCriteriaId": "09E694FC-CED3-4CA7-B61A-A57BFED5D94A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F9A3A69-DB5E-4A56-91ED-58F74FFD39E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.40.1:*:*:*:*:*:*:*", "matchCriteriaId": "787BEB5F-FEC7-4389-8E78-91919651B6CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.41.0:*:*:*:*:*:*:*", "matchCriteriaId": "8AD3A6BD-11D5-41E5-923A-894128E29A26", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.42.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C6717EB-C447-4E9E-922B-ACFF6353EA03", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.43.0:*:*:*:*:*:*:*", "matchCriteriaId": "21AEEC3F-A07C-4065-BAD8-F15F7A4D245C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.44.0:*:*:*:*:*:*:*", "matchCriteriaId": "084BE169-F602-4D09-A53A-B617F3AF877A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.45.0:*:*:*:*:*:*:*", "matchCriteriaId": "969032CA-69E2-4B56-A5DC-090998B64153", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.46.0:*:*:*:*:*:*:*", "matchCriteriaId": "93DB4DF8-43CF-4710-86BB-083FF4619534", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.47.0:*:*:*:*:*:*:*", "matchCriteriaId": "0409F829-EB84-4BC3-8519-51AAFE48481C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.47.1:*:*:*:*:*:*:*", "matchCriteriaId": "2CFFD3CE-38CE-4B69-9A93-B6F8E5394CC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.48.0:*:*:*:*:*:*:*", "matchCriteriaId": "4529DFF4-B595-47AE-8F93-7A67768A82F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.48.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5A5476F-3574-402A-8551-70955324A55D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.48.2:*:*:*:*:*:*:*", "matchCriteriaId": "F983EFB8-9BDA-44AD-9D19-45F232FEAC53", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.49.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DBF1925-706F-4661-9E7C-04E762419F7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.49.1:*:*:*:*:*:*:*", "matchCriteriaId": "84C84C49-DE87-4879-ABD3-A788987A1E99", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.49.2:*:*:*:*:*:*:*", "matchCriteriaId": "5794EBDF-878A-426E-B3DC-4A5CBD3DCE06", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.49.3:*:*:*:*:*:*:*", "matchCriteriaId": "5915B364-0146-49FC-8708-06EE99800CD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.49.4:*:*:*:*:*:*:*", "matchCriteriaId": "4B162B88-927D-4761-90E2-51869ABAFABA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.50.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DA45689-7905-45CF-A71B-13CF4A609E7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.50.1:*:*:*:*:*:*:*", "matchCriteriaId": "828FC0D7-D7DC-4A55-B32D-D0D60E3E5AB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.51.0:*:*:*:*:*:*:*", "matchCriteriaId": "59D4CC11-F44F-42CA-B78F-FC96F4936456", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.52.0:*:*:*:*:*:*:*", "matchCriteriaId": "191F4459-A96C-4376-96AE-6EF14E09AB82", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.53.0:*:*:*:*:*:*:*", "matchCriteriaId": "606DD15D-9973-4B5A-845C-5264CC9FC28A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.54.0:*:*:*:*:*:*:*", "matchCriteriaId": "50085232-AA00-4213-B662-7D8B7B488E93", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.54.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE7B5363-2506-4712-B8FC-B8AB91A9FA30", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.54.2:*:*:*:*:*:*:*", "matchCriteriaId": "9EB9F77E-72E1-44C2-9DB3-AE3450B20F82", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.55.0:*:*:*:*:*:*:*", "matchCriteriaId": "452815AF-AF46-4B34-8005-2EF3E0DE10A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.55.1:*:*:*:*:*:*:*", "matchCriteriaId": "F04CA793-BA74-439D-994A-AB81EBFB283E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.56.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11D2B2F-4948-4D31-A484-422985115575", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.57.0:*:*:*:*:*:*:*", "matchCriteriaId": "8D448E0E-2F92-4B30-A127-53A3A8ED0A3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.57.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "F9F6F05B-B0C9-4DAD-B848-F1B577B360B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.57.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9F1263E3-91BF-4038-8E70-725CB2BEF646", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.57.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "8F71F660-9087-40F4-A656-50E18EDC0BF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.57.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "7D1F8BF1-64BC-44DB-AE75-5BDF29F30F7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.57.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D984700-ED1F-4C03-81D7-E59EE51E5825", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketchat:rocket.chat:0.57.2:*:*:*:*:*:*:*", "matchCriteriaId": "57F4A695-0C1D-4E21-8137-29B85760DD04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages."}, {"lang": "es", "value": "En Rocket.Chat versi\u00f3n 0.8.0 y m\u00e1s recientes, es vulnerable a ataques de tipo Cross-Site Scripting (XSS) en el enlace markdown al analizar c\u00f3digo para los mensajes."}], "id": "CVE-2017-1000054", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-17T13:18:17.673", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "URL Repurposed"], "url": "https://www.theblazehen.com/posts/CVE-2017-xxxxxx-rocketchat-xss-with-markdown-url-handling-in-messages/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "URL Repurposed"], "url": "https://www.theblazehen.com/posts/CVE-2017-xxxxxx-rocketchat-xss-with-markdown-url-handling-in-messages/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}