Security Advisory

CVE-2023-1421

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2023-03-15 22:51:25
Last updated: 2024-12-06 23:06:14
Assigner: Mattermost
State: PUBLISHED

Description

A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim by sharing a crafted link containing a malicious state parameter.