Unrated severityNVD Advisory· Published Aug 18, 2020· Updated Aug 4, 2024
CVE-2020-15926
CVE-2020-15926
Description
Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side.
Affected products
2- Rocket.Chat/Rocket.Chatdescription
- Range: <=3.4.2
Patches
Vulnerability mechanics
References
3- blog.redteam.pl/2020/08/rocket-chat-xss-rce-cve-2020-15926.htmlmitrex_refsource_MISC
- github.com/RocketChat/Rocket.Chat/commits/developmitrex_refsource_MISC
- github.com/RocketChat/Rocket.Chat/pull/18356mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.