VYPR
Unrated severity · OSV Advisory · Published Mar 26, 2021 · Updated Aug 3, 2024

CVE-2021-22886

Description

Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) through nested markdown tags, which allows a remote attacker to inject arbitrary JavaScript into a message. This flaw leads to arbitrary file read and RCE in the Rocket.Chat desktop app.

Affected products

2
  • RocketChat/Rocket.chat · OSV · 2 versions
    0.10.0, 0.10.1, 0.10.2, …+ 1 more
    • (no CPE)range: 0.10.0, 0.10.1, 0.10.2, …
    • (no CPE)range: <3.8.8 || >=3.9.0 <3.9.7 || >=3.10.0 <3.10.5 || >=3.11.0 <3.11.0
