Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OAuth2 Flow
Description
Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Mattermost Confluence plugin <1.7.0 has a stored XSS vulnerability where malicious display names in OAuth links execute arbitrary JavaScript.
Vulnerability
Overview
The Mattermost Confluence plugin versions prior to 1.7.0 contain a stored cross-site scripting (XSS) vulnerability in its HTML template rendering. The plugin fails to properly escape user-controlled display names during the rendering of OAuth2 connection links. This allows an authenticated Confluence user with a maliciously crafted display name to inject arbitrary JavaScript code that will be executed in the browser of any Mattermost user who visits a specially crafted link. [1]
Exploitation
Prerequisites
An attacker must have an authenticated Confluence account and set their display name to include a JavaScript payload. The attacker then sends a specially crafted OAuth2 connection link to a Mattermost user. When the victim clicks the link, the plugin renders the attacker's display name without sanitization, causing the injected script to execute in the victim's browser. [1]
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser session. This can lead to session hijacking, data exfiltration, or further malicious actions within the Mattermost or Confluence environment. [1]
Mitigation
The vulnerability is fixed in the Mattermost Confluence plugin version 1.7.0. Users should upgrade to this version or later to mitigate the risk. [1]
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/mattermost/mattermost-plugin-confluenceGo | < 1.7.0 | 1.7.0 |
Affected products
2- Range: <1.7.0
- Mattermost/Mattermost Confluence Pluginv5Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-ffx7-34p2-vm3wghsaADVISORY
- mattermost.com/security-updatesghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2025-13523ghsaADVISORY
News mentions
0No linked articles in our index yet.