Vulnerabilities > Rocket Chat
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-30 | CVE-2020-29594 | Unspecified vulnerability in Rocket.Chat Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. | 7.5 |
2020-08-18 | CVE-2020-15926 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side. | 4.3 |
2019-10-21 | CVE-2019-17220 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. | 4.3 |
2018-07-11 | CVE-2018-13879 | Cross-site Scripting vulnerability in Rocket.Chat A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. | 3.5 |
2018-07-11 | CVE-2018-13878 | Cross-site Scripting vulnerability in Rocket.Chat An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. | 4.3 |
2018-01-03 | CVE-2017-1000493 | Injection vulnerability in Rocket.Chat Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover | 7.5 |