N/A

A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are stored in messages, it is a persistent attack vector, which will trigger as soon as the message gets viewed.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Rocket.Chat 跨站脚本漏洞

Rocket.Chat是一套开源的团队聊天软件。 Rocket.Chat存在安全漏洞，该漏洞源于攻击者可以通过完整的聊天窗口实现跨站脚本样式注入导致可以操纵它的样式、阻止功能和劫持目标用户的内容。以下版本受到影响：4.1.0的 ”marked“ parser版本。

N/A

N/A