CVE-2023-35075

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published: Nov 27, 2023
Updated: Nov 30, 2023
CWE ID: 74

Summary

CVE-2023-35075 is a vulnerability affecting Mattermost, an open-source team communication platform. The issue lies in how the web application sets channel names during autocomplete: instead of using innerText or textContent, Mattermost uses other methods, which allows an attacker to inject valid HTML into a victim's page. No Cross-Site Scripting (XSS) exploitation is possible through this vulnerability.

Affected Products

  • Mattermost
  • Mattermost Mattermost

Affected Vendors

  • Mattermost, Inc.