CVE-2022-1002

Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.
References
Link Resource
https://hackerone.com/reports/1443567 Exploit Third Party Advisory
https://mattermost.com/security-updates/ Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-03-18 18:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-1002

Mitre link : CVE-2022-1002

CVE.ORG link : CVE-2022-1002


JSON object : View

Products Affected

mattermost

  • mattermost
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)