Vulnerabilities > Rocket Chat

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-01-26 | CVE-2020-8292 | Cross-site Scripting vulnerability in Rocket.Chat | Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes. | network, low complexity; rocket-chat CWE-79; 5.4 |
| 2021-01-26 | CVE-2020-8288 | Cross-site Scripting vulnerability in Rocket.Chat | The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter. | network, low complexity; rocket-chat CWE-79; 5.4 |
| 2021-01-08 | CVE-2020-28208 | Information Exposure Through Discrepancy vulnerability in Rocket.Chat | An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1. | network, low complexity; rocket-chat CWE-203; 5.3 |
| 2020-12-30 | CVE-2020-29594 | Unspecified vulnerability in Rocket.Chat | Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. | network, low complexity; rocket-chat; critical; 9.8 |
| 2020-08-18 | CVE-2020-15926 | Cross-site Scripting vulnerability in Rocket.Chat | Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side. | network, low complexity; rocket-chat CWE-79; 6.1 |
| 2019-10-21 | CVE-2019-17220 | Cross-site Scripting vulnerability in Rocket.Chat | Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. | network, low complexity; rocket-chat CWE-79; 6.1 |
| 2018-07-11 | CVE-2018-13879 | Cross-site Scripting vulnerability in Rocket.Chat | A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. | network, low complexity; rocket-chat CWE-79; 5.4 |
| 2018-07-11 | CVE-2018-13878 | Cross-site Scripting vulnerability in Rocket.Chat | An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. | network, low complexity; rocket-chat CWE-79; 6.1 |
| 2018-01-03 | CVE-2017-1000493 | Injection vulnerability in Rocket.Chat | Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover. | network, low complexity; rocket-chat CWE-74; critical; 9.8 |