Vulnerabilities > Rocket Chat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-26 | CVE-2020-8292 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes. | 4.3 |
| 2021-01-26 | CVE-2020-8288 | Cross-site Scripting vulnerability in Rocket.Chat The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter. | 3.5 |
| 2021-01-08 | CVE-2020-28208 | Information Exposure Through Discrepancy vulnerability in Rocket.Chat An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1. | 5.0 |
| 2020-12-30 | CVE-2020-29594 | Unspecified vulnerability in Rocket.Chat Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. | 7.5 |
| 2020-08-18 | CVE-2020-15926 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side. | 4.3 |
| 2019-10-21 | CVE-2019-17220 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. | 4.3 |
| 2018-07-11 | CVE-2018-13879 | Cross-site Scripting vulnerability in Rocket.Chat A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. | 3.5 |
| 2018-07-11 | CVE-2018-13878 | Cross-site Scripting vulnerability in Rocket.Chat An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. | 4.3 |
| 2018-01-03 | CVE-2017-1000493 | Injection vulnerability in Rocket.Chat Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover | 7.5 |