Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTML Injection while inviting Guests
Vulnerability Description
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)
Vulnerability Title
Mattermost 跨站脚本漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 6.3.0存在安全漏洞,该漏洞允许具有特殊权限的注册用户邀请访客用户在电子邮件邀请中注入未转义的 HTML 内容。
CVSS Information
N/A
Vulnerability Type
N/A