Security Advisory

CVE-2021-22886

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-26 18:15:54

Last updated 2024-08-03 18:58:24

Assigner hackerone

State PUBLISHED

Description

Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app.

← Browse all CVEs View on cve.org ↗