Vulnerabilities > Mattermost > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-22 CVE-2021-37860 Cross-site Scripting vulnerability in Mattermost
Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP.
network
low complexity
mattermost CWE-79
6.1
2021-08-05 CVE-2021-37859 Cross-site Scripting vulnerability in Mattermost
Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost.
network
low complexity
mattermost CWE-79
6.1
2020-06-19 CVE-2017-18921 Cross-site Scripting vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2.
network
low complexity
mattermost CWE-79
6.1
2020-06-19 CVE-2017-18919 Improper Authentication vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3.
network
low complexity
mattermost CWE-287
5.3
2020-06-19 CVE-2017-18918 Improper Certificate Validation vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5.
network
low complexity
mattermost CWE-295
4.9
2020-06-19 CVE-2017-18916 Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.
network
low complexity
mattermost CWE-732
5.3
2020-06-19 CVE-2017-18914 Improper Check for Unusual or Exceptional Conditions vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.
network
low complexity
mattermost CWE-754
5.3
2020-06-19 CVE-2017-18913 Cross-site Scripting vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.
network
low complexity
mattermost CWE-79
6.1
2020-06-19 CVE-2017-18907 Cross-site Scripting vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2.
network
low complexity
mattermost CWE-79
6.1
2020-06-19 CVE-2017-18905 Insufficient Session Expiration vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.
network
low complexity
mattermost CWE-613
5.3