Unrated severity · OSV Advisory · Published Mar 26, 2021 · Updated Aug 3, 2024
CVE-2021-22886
Description
Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags, allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on the Rocket.Chat desktop app.
Affected products
0.10.0, 0.10.1, 0.10.2, … + 1 more
- (no CPE) range: 0.10.0, 0.10.1, 0.10.2, …
- (no CPE) range: <3.8.8 || >=3.9.0 <3.9.7 || >=3.10.0 <3.10.5 || >=3.11.0 <3.11.0
References
- docs.rocket.chat/guides/security/security-updates (mitre, x_refsource_MISC)
- github.com/RocketChat/Rocket.Chat/pull/20430 (mitre, x_refsource_MISC)
- hackerone.com/reports/1014459 (mitre, x_refsource_MISC)