CVE-2016-11083
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.
Source: CVE-2016-11083
[월:] 2020년 06월
CVE-2016-11070
CVE-2016-11070
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.
Source: CVE-2016-11070
CVE-2016-11079
CVE-2016-11079
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.
Source: CVE-2016-11079
CVE-2016-11062
CVE-2016-11062
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.
Source: CVE-2016-11062
CVE-2016-11068
CVE-2016-11068
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.
Source: CVE-2016-11068
CVE-2016-11067
CVE-2016-11067
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
Source: CVE-2016-11067
CVE-2016-11065
CVE-2016-11065
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post’s appearance.
Source: CVE-2016-11065
CVE-2016-11066
CVE-2016-11066
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.
Source: CVE-2016-11066
CVE-2016-11063
CVE-2016-11063
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.
Source: CVE-2016-11063
CVE-2016-11064
CVE-2016-11064
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.
Source: CVE-2016-11064