Vulnerabilities > Rocket Chat

DATE CVE VULNERABILITY TITLE RISK
2021-10-18 CVE-2020-8291 Cross-site Scripting vulnerability in Rocket.Chat
A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks.
4.3
2021-08-30 CVE-2021-32832 Resource Exhaustion vulnerability in Rocket.Chat
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript.
network
low complexity
rocket-chat CWE-400
4.0
2021-08-09 CVE-2021-22910 Injection vulnerability in Rocket.Chat
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.
network
low complexity
rocket-chat CWE-74
7.5
2021-07-05 CVE-2020-26763 Unspecified vulnerability in Rocket.Chat 2.17.11
The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.
network
low complexity
rocket-chat
5.0
2021-05-27 CVE-2021-22892 Information Exposure vulnerability in Rocket.Chat
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.
network
low complexity
rocket-chat CWE-200
5.0
2021-05-27 CVE-2021-22911 Improper Input Validation vulnerability in Rocket.Chat 3.11.0/3.12.0/3.13.0
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
network
low complexity
rocket-chat CWE-20
7.5
2021-03-26 CVE-2021-22886 Cross-site Scripting vulnerability in Rocket.Chat
Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message.
4.3
2021-01-26 CVE-2020-8292 Cross-site Scripting vulnerability in Rocket.Chat
Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes.
4.3
2021-01-26 CVE-2020-8288 Cross-site Scripting vulnerability in Rocket.Chat
The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.
3.5
2021-01-08 CVE-2020-28208 Information Exposure Through Discrepancy vulnerability in Rocket.Chat
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.
network
low complexity
rocket-chat CWE-203
5.0