CVE-2021-37860

Publication date

2021-09-22 16:40:43

Family

Mattermost

State

PUBLISHED

Description

Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP.