CVE-2017-18904Cross-site Scripting in Mattermost Mattermost-server

CWE-79Cross-site Scripting5 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 41.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Github.com Mattermost Mattermost-serverMattermost Server
Timeline
PublishedJun 19
Latest updateJan 13

Description

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDmattermost/mattermost_server3.10.03.10.2+1
Gogithub.com/mattermost_mattermost-server3.10.0+incompatible3.10.2+incompatible+3

🔴Vulnerability Details

4
OSV
Mattermost Server vulnerable to XSS via an uploaded file in github.com/mattermost/mattermost-server2026-01-13
OSV
Mattermost Server vulnerable to XSS via an uploaded file2022-05-24
GHSA
Mattermost Server vulnerable to XSS via an uploaded file2022-05-24
CVEList
CVE-2017-18904: An issue was discovered in Mattermost Server before 42020-06-19
CVE-2017-18904 — Cross-site Scripting | cvebase