Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2022-03-18T18:00:22
Updated: 2024-08-02T23:47:42.975Z
Reserved: 2022-03-17T00:00:00
Link: CVE-2022-1002
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-03-18T18:15:12.067
Modified: 2022-03-29T14:53:37.857
Link: CVE-2022-1002
Redhat
No data.