CVE-2023-35075
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Nov 27, 2023
Updated: Nov 30, 2023
CWE ID 74
Summary
CVE-2023-35075 is a vulnerability affecting Mattermost, an open-source team communication platform. The issue lies in the way Mattermost sets channel names during autocomplete in the web application. Instead of using innerText or textContent, Mattermost uses other methods, leaving the door open for attackers to inject valid HTML code into a victim's page. However, no Cross-Site Scripting (XSS) exploitation is possible through this vulnerability.
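The injection class described in the summary, as an added example that is not Mattermost's code: an autocomplete item built by splicing the channel name into markup, next to a version that escapes each piece before adding the highlight tag. The function names, the highlight behaviour and the sample channel name are assumptions made for illustration; in a browser, assigning the name through textContent has the same effect as the escaping shown here.

```javascript
// Added illustration, not Mattermost code. All names and inputs are constructed.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Split a channel name into [before, match, after] around the typed query.
function splitOnQuery(name, query) {
  const i = query === '' ? -1 : name.indexOf(query);
  if (i < 0) return [name, '', ''];
  return [name.slice(0, i), name.slice(i, i + query.length), name.slice(i + query.length)];
}

// Weak pattern: the name is placed into markup unescaped, so any tags it
// contains become part of the victim's page (CWE-74).
function suggestionUnsafe(name, query) {
  const [before, match, after] = splitOnQuery(name, query);
  return `<li>${before}<b>${match}</b>${after}</li>`;
}

// Hardened pattern: split first, escape every piece, then add only the
// markup the UI itself intends (<li> and <b>).
function suggestionSafe(name, query) {
  const [before, match, after] = splitOnQuery(name, query).map(escapeHtml);
  return `<li>${before}<b>${match}</b>${after}</li>`;
}

// Defensive check for tests or review: true if the rendered item contains
// any element other than the expected <li> and <b>.
function hasUnexpectedMarkup(html) {
  const tags = html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags.some((t) => !/^<\/?(li|b)$/i.test(t));
}

// Constructed sample: a channel display name that carries a harmless heading tag.
const SAMPLE_NAME = 'town-<h1>square</h1>';
const SAMPLE_QUERY = 'town';
```
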
Affected Products
- Mattermost
- Mattermost Mattermost
Affected Vendors
- Mattermost, Inc.