Vulnerabilities > Rocket Chat > Rocket Chat > 3.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2021-32832 | Unspecified vulnerability in Rocket.Chat Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. | 6.5 |
| 2021-08-09 | CVE-2021-22910 | Unspecified vulnerability in Rocket.Chat A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. | 9.8 |
| 2021-05-27 | CVE-2021-22892 | Information Exposure Through Discrepancy vulnerability in Rocket.Chat An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks. | 7.5 |
| 2021-03-26 | CVE-2021-22886 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. | 6.1 |
| 2021-01-26 | CVE-2020-8292 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes. | 5.4 |
| 2021-01-26 | CVE-2020-8288 | Cross-site Scripting vulnerability in Rocket.Chat The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter. | 5.4 |
| 2021-01-08 | CVE-2020-28208 | Information Exposure Through Discrepancy vulnerability in Rocket.Chat An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1. | 5.3 |
| 2020-12-30 | CVE-2020-29594 | Unspecified vulnerability in Rocket.Chat Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. | 9.8 |