Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Rocket.Chat Cross-Site Scripting Vulnerability
Vulnerability Description
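Rocket.Chat is an open-source web chat server written in JavaScript and built on the Meteor full-stack framework. A cross-site scripting vulnerability exists in the packages/rocketchat-mentions/Mentions.js file in Rocket.Chat versions before 0.65. The vulnerability stems from the program not encoding the real name of the displayed username. An attacker could exploit this vulnerability to leak the tokens of administrators or of every user in the channel.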
CVSS Information
N/A
Vulnerability Type
N/A