Vulnerabilities > Rocket Chat

DATE CVE VULNERABILITY TITLE RISK
2022-09-23 CVE-2022-35250 Incorrect Permission Assignment for Critical Resource vulnerability in Rocket.Chat
A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.
network
low complexity
rocket-chat CWE-732
4.3
2022-09-23 CVE-2022-35251 Cross-site Scripting vulnerability in Rocket.Chat
A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users.
network
low complexity
rocket-chat CWE-79
5.4
2022-04-01 CVE-2022-21830 Cross-site Scripting vulnerability in Rocket.Chat Livechat
A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance.
network
low complexity
rocket-chat CWE-79
6.1
2021-10-18 CVE-2020-8291 Cross-site Scripting vulnerability in Rocket.Chat
A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks.
network
low complexity
rocket-chat CWE-79
6.1
2021-08-30 CVE-2021-32832 Unspecified vulnerability in Rocket.Chat
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript.
network
low complexity
rocket-chat
6.5
2021-08-09 CVE-2021-22910 Unspecified vulnerability in Rocket.Chat
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.
network
low complexity
rocket-chat
critical
9.8
2021-07-05 CVE-2020-26763 Unspecified vulnerability in Rocket.Chat 2.17.11
The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.
network
low complexity
rocket-chat
7.5
2021-05-27 CVE-2021-22892 Information Exposure Through Discrepancy vulnerability in Rocket.Chat
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.
network
low complexity
rocket-chat CWE-203
7.5
2021-05-27 CVE-2021-22911 Unspecified vulnerability in Rocket.Chat 3.11.0/3.12.0/3.13.0
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
network
low complexity
rocket-chat
critical
9.8
2021-03-26 CVE-2021-22886 Cross-site Scripting vulnerability in Rocket.Chat
Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message.
network
low complexity
rocket-chat CWE-79
6.1