Mattermost Cross-site Scripting vulnerability

Low severity GitHub Reviewed Published Dec 29, 2023 to the GitHub Advisory Database • Updated Aug 7, 2024

Package

gomod github.com/mattermost/mattermost/server/v8 (Go)

Affected versions

< 8.1.7

Patched versions

8.1.7

Description

Mattermost versions 8.1.6 and earlier fail to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client.

References

Published by the National Vulnerability Database Dec 29, 2023
Published to the GitHub Advisory Database Dec 29, 2023
Reviewed Jan 3, 2024
Last updated Aug 7, 2024

Severity

Low (3.7 / 10)

CVSS base metrics

Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Weaknesses

CVE ID

CVE-2023-7113

GHSA ID

GHSA-h3gq-j7p9-x3p4
