N/A

A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. This can be exploited on servers with content security policy disabled possible leading to some issues attacks like account takeover.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Rocket.Chat 跨站脚本漏洞

Rocket.Chat是一套开源的团队聊天软件。 Rocket.Chat 存在安全漏洞，该漏洞源于在“Search Messages”功能中的malicious允许插入恶意标签，攻击者利用该漏洞可以帐户接管。

N/A

N/A