CVE-2016-11073 — Cross-site Scripting in Mattermost Mattermost-server

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 37.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJun 19

Latest updateOct 30

Description

An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

OSV

Mattermost Server is vulnerable to XSS via a Legal or Support setting in github.com/mattermost/mattermost-server↗2025-10-30

▶

OSV

Mattermost Server is vulnerable to XSS via a Legal or Support setting↗2022-05-24

▶

GHSA

Mattermost Server is vulnerable to XSS via a Legal or Support setting↗2022-05-24

▶

CVEList

CVE-2016-11073: An issue was discovered in Mattermost Server before 3↗2020-06-19

▶