Show filters
229 Total Results
Displaying 101-110 of 229
Sort by:
Attacker Value
Unknown

CVE-2017-18913

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2017-18916

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2016-11078

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2017-18908

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2016-11084

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2016-11067

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2016-11066

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2016-11081

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2016-11071

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2016-11076

Disclosure Date: June 19, 2020 (last updated February 21, 2025)
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >