Vulnerabilities (CVE)

Filtered by vendor: Mattermost
Total 288 CVE
Columns: CVE | Vendors: count (name) | Products: count (name) | Updated | CVSS v2 | CVSS v3, each followed by the CVE description.

CVE-2017-18905 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-25 | CVSS v2: 5.0 MEDIUM | CVSS v3: 5.3 MEDIUM
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider. Session invalidation was mishandled.
CVE-2016-11071 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-25 | CVSS v2: 4.3 MEDIUM | CVSS v3: 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.

CVE-2017-18903 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-25 | CVSS v2: 5.1 MEDIUM | CVSS v3: 8.8 HIGH
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.

CVE-2017-18904 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-25 | CVSS v2: 4.3 MEDIUM | CVSS v3: 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.

CVE-2017-18909 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-25 | CVSS v2: 4.3 MEDIUM | CVSS v3: 7.5 HIGH
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.

CVE-2017-18910 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-25 | CVSS v2: 4.0 MEDIUM | CVSS v3: 4.3 MEDIUM
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.

CVE-2016-11063 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-25 | CVSS v2: 4.3 MEDIUM | CVSS v3: 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.

CVE-2016-11070 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-25 | CVSS v2: 3.5 LOW | CVSS v3: 5.4 MEDIUM
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.

CVE-2016-11073 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-25 | CVSS v2: 4.3 MEDIUM | CVSS v3: 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.

CVE-2016-11067 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-24 | CVSS v2: 5.0 MEDIUM | CVSS v3: 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.

CVE-2017-18877 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-24 | CVSS v2: 4.3 MEDIUM | CVSS v3: 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.

CVE-2016-11068 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-24 | CVSS v2: 5.0 MEDIUM | CVSS v3: 5.3 MEDIUM
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.

CVE-2017-18907 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-24 | CVSS v2: 4.3 MEDIUM | CVSS v3: 6.1 MEDIUM
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.

CVE-2017-18913 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-24 | CVSS v2: 4.3 MEDIUM | CVSS v3: 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.

CVE-2017-18921 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-24 | CVSS v2: 4.3 MEDIUM | CVSS v3: 6.1 MEDIUM
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page.

CVE-2018-21248 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-24 | CVSS v2: 5.0 MEDIUM | CVSS v3: 7.5 HIGH
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.

CVE-2016-11066 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-24 | CVSS v2: 5.0 MEDIUM | CVSS v3: 7.5 HIGH
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.

CVE-2018-21249 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-23 | CVSS v2: 4.3 MEDIUM | CVSS v3: 3.7 LOW
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.

CVE-2018-21258 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-23 | CVSS v2: 5.0 MEDIUM | CVSS v3: 7.5 HIGH
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.

CVE-2016-11084 | Vendors: 1 (Mattermost) | Products: 1 (Mattermost Server) | Updated: 2020-06-23 | CVSS v2: 4.3 MEDIUM | CVSS v3: 6.1 MEDIUM
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.