CVE-2023-1776Cross-site Scripting in Mattermost

CWE-79Cross-site Scripting6 documents5 sources
Severity
5.4MEDIUMNVD
CNA7.3
EPSS
0.7%
top 27.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
MattermostGithub.com Mattermost Mattermost-serverGithub.com Mattermost Mattermost-server V5+2 more
Timeline
PublishedMar 31
Latest updateSep 6

Description

Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

CVEListV5mattermost/mattermost3.3.07.8.0+2

🔴Vulnerability Details

3
CVEList
Stored XSS via SVG attachment on Boards2023-03-31
OSV
Mattermost vulnerable to cross-site scripting (XSS)2023-03-31
GHSA
Mattermost vulnerable to cross-site scripting (XSS)2023-03-31

🕵️Threat Intelligence

1
Talos
Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication2023-09-06
CVE-2023-1776 — Cross-site Scripting in Mattermost | cvebase