CVE-2020-8288

Publication date

2021-01-21 19:13:16

Family

hackerone

State

PUBLISHED

Description

The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.