Vulnerabilities > Mattermost
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-17 | CVE-2021-37863 | Improper Input Validation vulnerability in Mattermost Server Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post. | 5.7 |
| 2021-12-09 | CVE-2021-37861 | Information Exposure Through Log Files vulnerability in Mattermost Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. | 7.5 |
| 2021-09-22 | CVE-2021-37860 | Cross-site Scripting vulnerability in Mattermost Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP. | 6.1 |
| 2021-08-05 | CVE-2021-37859 | Cross-site Scripting vulnerability in Mattermost Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost. | 6.1 |
| 2020-06-26 | CVE-2020-13891 | Unspecified vulnerability in Mattermost An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. | 7.5 |
| 2020-06-19 | CVE-2017-18921 | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. | 6.1 |
| 2020-06-19 | CVE-2017-18920 | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.6.2. | 9.8 |
| 2020-06-19 | CVE-2017-18919 | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. | 5.3 |
| 2020-06-19 | CVE-2017-18918 | Improper Certificate Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. | 4.9 |
| 2020-06-19 | CVE-2017-18917 | Use of Password Hash With Insufficient Computational Effort vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 7.5 |