Vulnerabilities > Rocket Chat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-46934 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). | 6.1 |
| 2024-09-25 | CVE-2024-46935 | Unspecified vulnerability in Rocket.Chat Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). | 7.5 |
| 2024-09-25 | CVE-2024-47048 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. | 5.4 |
| 2024-09-02 | CVE-2024-45621 | Cross-site Scripting vulnerability in Rocket.Chat The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents. | 5.4 |
| 2024-08-05 | CVE-2024-39713 | Server-Side Request Forgery (SSRF) vulnerability in Rocket.Chat A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. | 8.6 |
| 2023-05-11 | CVE-2023-28325 | Improper Authentication vulnerability in Rocket.Chat An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room. | 6.5 |
| 2023-05-11 | CVE-2023-28356 | Resource Exhaustion vulnerability in Rocket.Chat A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive. | 7.5 |
| 2023-05-11 | CVE-2023-28357 | Information Exposure vulnerability in Rocket.Chat A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. | 4.3 |
| 2023-05-11 | CVE-2023-28358 | Cross-site Scripting vulnerability in Rocket.Chat A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. | 6.1 |
| 2023-05-11 | CVE-2023-28359 | SQL Injection vulnerability in Rocket.Chat A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. | 5.3 |