CVE-2018-13878

CVE-2018-13878

An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel.

Source: CVE-2018-13878

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다