CVE-2017-18907
Published 2020-06-19
CVE-2017-18907: An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.
Priority: P4 24 · Severity: medium · CVSS 3.1 base score: 6.1
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.69% (48.2nd percentile)
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-server | >= 0 < 3.9.2-0.20170714014920-312269ad0bd1 | 3.9.2-0.20170714014920-312269ad0bd1 |
| github.com | mattermost_mattermost-server | >= 3.10.0 < 3.10.2 | 3.10.2 |
| github.com | mattermost_mattermost-server | >= 3.10.0+incompatible < 3.10.2+incompatible | 3.10.2+incompatible |
| mattermost | mattermost_server | < 3.9.2 | 3.9.2 |
| mattermost | mattermost_server | >= 3.10.0 < 3.10.2 | 3.10.2 |
CVSS provenance
| Source | CVSS version | Base score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| NVD | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
OSV · 2026-02-17
CVE-2017-18907: Mattermost Server vulnerable to XSS through channel headers in github.com/mattermost/mattermost-server.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/mattermost/mattermost-server before v3.9.2-0.20170714014920-312269ad0bd1.
OSV · 2022-05-24
CVE-2017-18907 [MEDIUM]: Mattermost Server vulnerable to XSS through channel headers
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.
GHSA · 2022-05-24
CVE-2017-18907 [MEDIUM] CWE-79: Mattermost Server vulnerable to XSS through channel headers
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.