Unrated severity · NVD Advisory · Published Sep 24, 2024 · Updated Mar 25, 2025
CVE-2024-46934
Description
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload.
Affected products
- (no CPE)
- (no CPE), range: <=6.12.0