VYPR
Medium severity5.4OSV Advisory· Published Jul 11, 2018· Updated Jun 17, 2026

CVE-2018-13879

CVE-2018-13879

Description

A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username.html.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • RocketChat/Rocket.chatOSV2 versions
    0.10.0, 0.10.1, 0.10.2, …+ 1 more
    • (no CPE)range: 0.10.0, 0.10.1, 0.10.2, …
    • (no CPE)range: <0.66

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.