Vulnerabilities > Rocket Chat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-18 | CVE-2020-15926 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side. | 6.1 |
| 2019-10-21 | CVE-2019-17220 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. | 6.1 |
| 2018-07-11 | CVE-2018-13879 | Cross-site Scripting vulnerability in Rocket.Chat A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. | 5.4 |
| 2018-07-11 | CVE-2018-13878 | Cross-site Scripting vulnerability in Rocket.Chat An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. | 6.1 |