Vulnerabilities > Mattermost > Mattermost Server > 7.2.0

DATE CVE VULNERABILITY TITLE RISK
2023-03-15 CVE-2023-1421 Cross-site Scripting vulnerability in Mattermost Server
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter.
network
low complexity
mattermost CWE-79
6.1
2023-02-27 CVE-2023-27265 Exposure of Resource to Wrong Sphere vulnerability in Mattermost Server
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
network
low complexity
mattermost CWE-668
2.7
2023-02-27 CVE-2023-27266 Information Exposure vulnerability in Mattermost Server
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the /api/v4/users/me/teams API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response.
network
low complexity
mattermost CWE-200
2.7