Vulnerabilities > Mattermost > Mattermost Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-17 | CVE-2021-37863 | Improper Input Validation vulnerability in Mattermost Server Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post. | 5.7 |
| 2020-06-19 | CVE-2017-18921 | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. | 6.1 |
| 2020-06-19 | CVE-2017-18919 | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. | 5.3 |
| 2020-06-19 | CVE-2017-18918 | Improper Certificate Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. | 4.9 |
| 2020-06-19 | CVE-2017-18916 | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 5.3 |
| 2020-06-19 | CVE-2017-18914 | Improper Check for Unusual or Exceptional Conditions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 5.3 |
| 2020-06-19 | CVE-2017-18913 | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 6.1 |
| 2020-06-19 | CVE-2017-18907 | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. | 6.1 |
| 2020-06-19 | CVE-2017-18905 | Insufficient Session Expiration vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. | 5.3 |
| 2020-06-19 | CVE-2016-11084 | Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 2.1.0. | 6.1 |