Vulnerabilities > Rocket Chat > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-25 | CVE-2024-46934 | Cross-site Scripting vulnerability in Rocket.Chat: Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). | 6.1 |
2024-09-25 | CVE-2024-47048 | Cross-site Scripting vulnerability in Rocket.Chat: Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. | 5.4 |
2024-09-02 | CVE-2024-45621 | Cross-site Scripting vulnerability in Rocket.Chat: The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents. | 5.4 |
2023-05-11 | CVE-2023-28325 | Improper Authentication vulnerability in Rocket.Chat: An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit messages in the target room. | 6.5 |
2023-05-11 | CVE-2023-28357 | Information Exposure vulnerability in Rocket.Chat: A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. | 4.3 |
2023-05-11 | CVE-2023-28358 | Cross-site Scripting vulnerability in Rocket.Chat: A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. | 6.1 |
2023-05-11 | CVE-2023-28359 | SQL Injection vulnerability in Rocket.Chat: A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. | 5.3 |
2023-05-09 | CVE-2023-28317 | Unspecified vulnerability in Rocket.Chat: A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order. | 5.3 |
2023-05-09 | CVE-2023-28318 | Unspecified vulnerability in Rocket.Chat: A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. | 5.3 |
2022-09-23 | CVE-2022-32218 | Information Exposure Through Discrepancy vulnerability in Rocket.Chat: An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 because the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. | 4.3 |