Security Advisory

CVE-2023-35075

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-27 09:09:19

Last updated 2025-06-03 14:01:04

Assigner Mattermost

State PUBLISHED

Description

Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victims page by create a channel name that is valid HTML. No XSS is possible though.

← Browse all CVEs View on cve.org ↗