CVE-2023-1421
Published 2023-03-15
Severity: Medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mattermost | mattermost | >= 5.32.0 < 7.7 | 7.7 |
| mattermost | mattermost_server | >= 5.32.0 < 7.7.0 | 7.7.0 |