Medium severity5.4OSV Advisory· Published Jul 11, 2018· Updated Jun 17, 2026
CVE-2018-13879
CVE-2018-13879
Description
A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username.html.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
20.10.0, 0.10.1, 0.10.2, …+ 1 more
- (no CPE)range: 0.10.0, 0.10.1, 0.10.2, …
- (no CPE)range: <0.66
Patches
Vulnerability mechanics
References
1- github.com/RocketChat/Rocket.Chat/issues/10795nvdThird Party Advisory
News mentions
0No linked articles in our index yet.