Vulnerabilities > Rocket Chat > Rocket Chat > 3.9.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-26 | CVE-2020-8288 | Cross-site Scripting vulnerability in Rocket.Chat The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter. | 3.5 |
2021-01-08 | CVE-2020-28208 | Information Exposure Through Discrepancy vulnerability in Rocket.Chat An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1. | 5.0 |